wpscan 3.8.22 → 3.8.25

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c510fa42904154d92ab0517e7d80861d55230eccd33f1fcd05bac579f59e0ff4
4
- data.tar.gz: bb32077f76c587b13f9050dc148a8214072c08c71cba0a5220841c371c8ac5a1
3
+ metadata.gz: 48e1401dae252247e3d9a8c2f10d18bbf0b7b49e28a6b841e0462fe080ebce39
4
+ data.tar.gz: fce0a22e6f78ab616b11446ec6f049002b10aaf6c7d37fe333189de58a7ec444
5
5
  SHA512:
6
- metadata.gz: 8b46eca5d03d59cdb0cc5a2ca18420564b6d9ba4dede5246da955206f24570001f5045280dfa7283f47d202c444a6f128e2dde5c618e97d68183d9f72ac4a9c0
7
- data.tar.gz: 1b9c59b135c53555e18cf4bd6d97f17b8cac2d688253c770578b5c23c589384d66dfd4ebdee26964223344977e6bef936f42693af26f981da3333377d88d4c1b
6
+ metadata.gz: 52c42ec12834ac64777d40b06cac6bc1c1f7934a7c239ba065a604be7ea536a70c89e34120cf77d960401d188330ea06a83072f7a4843aa1e02fded7eff39e7c
7
+ data.tar.gz: 37742dc5f1487abd4c428dbc3b77303d7fd81c4ef2256666e45047fb1a03f170b6a5e136620defb15358ed0776ea95deeeb68a05af38639fe3195a8a16ad8c79
data/README.md CHANGED
@@ -25,8 +25,7 @@
25
25
  ## Prerequisites
26
26
 
27
27
  - (Optional but highly recommended: [RVM](https://rvm.io/rvm/install))
28
- - Ruby >= 2.5 - Recommended: latest
29
- - Ruby 2.5.0 to 2.5.3 can cause an 'undefined symbol: rmpd_util_str_to_d' error in some systems, see [#1283](https://github.com/wpscanteam/wpscan/issues/1283)
28
+ - Ruby >= 2.7 - Recommended: latest
30
29
  - Curl >= 7.72 - Recommended: latest
31
30
  - The 7.29 has a segfault
32
31
  - The < 7.72 could result in `Stream error in the HTTP/2 framing layer` in some cases
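Review bot: the minimum Ruby moves from 2.5 to 2.7 in the `- Ruby >= 2.7` line, which drops 2.5 and 2.6 in what the version constant shows as a patch-level release (3.8.22 to 3.8.25). Call this out in the changelog or release notes so users pinned to an older interpreter know why installation fails. The surviving context lines "The 7.29 has a segfault" and "The < 7.72 could result in ..." would also read better as "Curl 7.29 ..." and "Versions < 7.72 ...".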
@@ -90,15 +89,12 @@ The DB is located at ~/.wpscan/db
90
89
 
91
90
  The WPScan CLI tool uses the [WordPress Vulnerability Database API](https://wpscan.com/api) to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the `--api-token` option, or via a configuration file, as discussed below. An API token can be obtained by registering an account on [WPScan.com](https://wpscan.com/register).
92
91
 
93
- Up to 25 API requests per day are given free of charge, that should be suitable to scan most WordPress websites at least once per day. When the daily 25 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data. Users can upgrade to paid API usage to increase their API limits within their user profile on [WPScan.com](https://wpscan.com/).
94
-
95
- #### The Free plan allows 25 API requests per day. View the different [available API plans](https://wpscan.com/api).
92
+ Up to **25** API requests per day are given free of charge, that should be suitable to scan most WordPress websites at least once per day. When the daily 25 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data.
96
93
 
97
94
  ### How many API requests do you need?
98
95
 
99
96
  - Our WordPress scanner makes one API request for the WordPress version, one request per installed plugin and one request per installed theme.
100
97
  - On average, a WordPress website has 22 installed plugins.
101
- - The Free plan should cover around 50% of all WordPress websites.
102
98
 
103
99
  ## Load CLI options from file/s
104
100
 
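Review bot: with the upgrade sentence and the "available API plans" heading removed, this section no longer tells a reader what to do once the 25 daily requests are used up, while the kept text still says a site averages 22 plugins and that the core version, each plugin and each theme cost one request apiece. Because the README states that WPScan then continues "as normal but without any vulnerability data", a clean-looking report can simply mean the quota ran out; add a sentence on how to tell that case apart in the output and where limits can be raised. The new sentence also has a comma splice: "free of charge, that should be suitable" reads better as "free of charge, which should be suitable".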
@@ -137,7 +133,7 @@ The feature mentioned above is useful to keep the API Token in a config file and
137
133
 
138
134
  ```yml
139
135
  cli_options:
140
- api_token: YOUR_API_TOKEN
136
+ api_token: 'YOUR_API_TOKEN'
141
137
  ```
142
138
 
143
139
  ## Load API Token From ENV (since v3.7.10)
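Review bot: quoting the placeholder in `api_token: 'YOUR_API_TOKEN'` is a good change, since it stops YAML from re-typing a token that looks like a number or contains special characters. This example is where the README tells users to keep a credential in a config file, so it should also say to restrict the file's permissions to the owning user and to keep it out of version control.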
@@ -17,7 +17,8 @@ module WPScan
17
17
  'Maximum number of passwords to send by request with XMLRPC multicall'],
18
18
  default: 500),
19
19
  OptChoice.new(['--password-attack ATTACK',
20
- 'Force the supplied attack to be used rather than automatically determining one.'],
20
+ 'Force the supplied attack to be used rather than automatically determining one.',
21
+ 'Multicall will only work against WP < 4.4'],
21
22
  choices: %w[wp-login xmlrpc xmlrpc-multicall],
22
23
  normalize: %i[downcase underscore to_sym]),
23
24
  OptString.new(['--login-uri URI', 'The URI of the login page if different from /wp-login.php'])
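Review bot: the added help line 'Multicall will only work against WP < 4.4' documents the limit, but `choices:` still accepts `xmlrpc-multicall` unconditionally, and nothing in this hunk shows what happens when it is forced against a newer version. When the detected WordPress version is 4.4 or later, emit a warning or fall back instead of relying on the help text, otherwise a run can finish with misleading negative results.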
@@ -73,7 +73,7 @@ module WPScan
73
73
  # @return [ Hash ] The params for Typhoeus::Request
74
74
  # @note Those params can't be overriden by CLI options
75
75
  def request_params
76
- @request_params ||= Browser.instance.default_connect_request_params.merge(
76
+ @request_params ||= Browser.instance.default_request_params.merge(
77
77
  timeout: 600,
78
78
  connecttimeout: 300,
79
79
  accept_encoding: 'gzip, deflate',
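Review bot: swapping `default_connect_request_params` for `default_request_params` as the base of the merge changes which keys this request inherits, and the hunk gives no reason for it. The `@note` says these params cannot be overridden by CLI options, so confirm that the new base hash does not carry CLI-derived settings that the merge leaves in place, since only the keys listed in the merge (`timeout`, `connecttimeout`, `accept_encoding`, ...) are overwritten. While here, "overriden" in the comment should be "overridden".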
@@ -70,7 +70,7 @@ module WPScan
70
70
  # @return [ Hash ]
71
71
  # @note Those params can not be overriden by CLI options
72
72
  def self.default_request_params
73
- @default_request_params ||= Browser.instance.default_connect_request_params.merge(
73
+ @default_request_params ||= Browser.instance.default_request_params.merge(
74
74
  headers: {
75
75
  'User-Agent' => Browser.instance.default_user_agent,
76
76
  'Authorization' => "Token token=#{token}"
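Review bot: this request adds an `Authorization` header holding the API token, so the contents of the base hash matter more here than in the updater change: check that `Browser.instance.default_request_params` does not bring in scan-target settings (proxy, custom headers, relaxed TLS verification) that would then apply to the token-bearing request. Also, `self.default_request_params` now calls a method of the same name on `Browser.instance`, which is easy to misread; a short comment saying which one is the base would help.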
@@ -2,5 +2,5 @@
2
2
 
3
3
  # Version
4
4
  module WPScan
5
- VERSION = '3.8.22'
5
+ VERSION = '3.8.25'
6
6
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: wpscan
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.8.22
4
+ version: 3.8.25
5
5
  platform: ruby
6
6
  authors:
7
7
  - WPScanTeam
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-04-04 00:00:00.000000000 Z
11
+ date: 2023-09-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: cms_scanner
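Review bot: the context line `cert_chain: []` shows the release is still published unsigned, so the SHA256/SHA512 values in checksums.yaml are the only integrity data shipped with the gem. If signing is not planned, consider publishing the release checksums somewhere independent of the package so consumers can pin and compare them.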
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 0.13.8
19
+ version: 0.13.9
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 0.13.8
26
+ version: 0.13.9
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: bundler
29
29
  requirement: !ruby/object:Gem::Requirement
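Review bot: the constraint `~> 0.13.9` raises the floor for cms_scanner by one patch release without saying why. If `default_request_params`, which the two Ruby hunks start calling on `Browser.instance`, is provided by cms_scanner from 0.13.9 on, say so in the commit message so nobody later relaxes the constraint; if it is not, explain what the bump is for.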
@@ -72,14 +72,14 @@ dependencies:
72
72
  requirements:
73
73
  - - "~>"
74
74
  - !ruby/object:Gem::Version
75
- version: 3.11.0
75
+ version: 3.12.0
76
76
  type: :development
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
80
  - - "~>"
81
81
  - !ruby/object:Gem::Version
82
- version: 3.11.0
82
+ version: 3.12.0
83
83
  - !ruby/object:Gem::Dependency
84
84
  name: rspec-its
85
85
  requirement: !ruby/object:Gem::Requirement
@@ -170,14 +170,14 @@ dependencies:
170
170
  requirements:
171
171
  - - "~>"
172
172
  - !ruby/object:Gem::Version
173
- version: 3.14.0
173
+ version: 3.19.1
174
174
  type: :development
175
175
  prerelease: false
176
176
  version_requirements: !ruby/object:Gem::Requirement
177
177
  requirements:
178
178
  - - "~>"
179
179
  - !ruby/object:Gem::Version
180
- version: 3.14.0
180
+ version: 3.19.1
181
181
  description: WPScan is a black box WordPress vulnerability scanner.
182
182
  email:
183
183
  - contact@wpscan.com
@@ -390,7 +390,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
390
390
  requirements:
391
391
  - - ">="
392
392
  - !ruby/object:Gem::Version
393
- version: '2.5'
393
+ version: '2.7'
394
394
  required_rubygems_version: !ruby/object:Gem::Requirement
395
395
  requirements:
396
396
  - - ">="