wpscan 3.8.22 → 3.8.25
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +3 -7
- data/app/controllers/password_attack.rb +2 -1
- data/lib/wpscan/db/updater.rb +1 -1
- data/lib/wpscan/db/vuln_api.rb +1 -1
- data/lib/wpscan/version.rb +1 -1
- metadata +9 -9
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 48e1401dae252247e3d9a8c2f10d18bbf0b7b49e28a6b841e0462fe080ebce39
|
4
|
+
data.tar.gz: fce0a22e6f78ab616b11446ec6f049002b10aaf6c7d37fe333189de58a7ec444
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 52c42ec12834ac64777d40b06cac6bc1c1f7934a7c239ba065a604be7ea536a70c89e34120cf77d960401d188330ea06a83072f7a4843aa1e02fded7eff39e7c
|
7
|
+
data.tar.gz: 37742dc5f1487abd4c428dbc3b77303d7fd81c4ef2256666e45047fb1a03f170b6a5e136620defb15358ed0776ea95deeeb68a05af38639fe3195a8a16ad8c79
|
data/README.md
CHANGED
@@ -25,8 +25,7 @@
|
|
25
25
|
## Prerequisites
|
26
26
|
|
27
27
|
- (Optional but highly recommended: [RVM](https://rvm.io/rvm/install))
|
28
|
-
- Ruby >= 2.
|
29
|
-
- Ruby 2.5.0 to 2.5.3 can cause an 'undefined symbol: rmpd_util_str_to_d' error in some systems, see [#1283](https://github.com/wpscanteam/wpscan/issues/1283)
|
28
|
+
- Ruby >= 2.7 - Recommended: latest
|
30
29
|
- Curl >= 7.72 - Recommended: latest
|
31
30
|
- The 7.29 has a segfault
|
32
31
|
- The < 7.72 could result in `Stream error in the HTTP/2 framing layer` in some cases
|
@@ -90,15 +89,12 @@ The DB is located at ~/.wpscan/db
|
|
90
89
|
|
91
90
|
The WPScan CLI tool uses the [WordPress Vulnerability Database API](https://wpscan.com/api) to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the `--api-token` option, or via a configuration file, as discussed below. An API token can be obtained by registering an account on [WPScan.com](https://wpscan.com/register).
|
92
91
|
|
93
|
-
Up to 25 API requests per day are given free of charge, that should be suitable to scan most WordPress websites at least once per day. When the daily 25 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data.
|
94
|
-
|
95
|
-
#### The Free plan allows 25 API requests per day. View the different [available API plans](https://wpscan.com/api).
|
92
|
+
Up to **25** API requests per day are given free of charge, that should be suitable to scan most WordPress websites at least once per day. When the daily 25 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data.
|
96
93
|
|
97
94
|
### How many API requests do you need?
|
98
95
|
|
99
96
|
- Our WordPress scanner makes one API request for the WordPress version, one request per installed plugin and one request per installed theme.
|
100
97
|
- On average, a WordPress website has 22 installed plugins.
|
101
|
-
- The Free plan should cover around 50% of all WordPress websites.
|
102
98
|
|
103
99
|
## Load CLI options from file/s
|
104
100
|
|
@@ -137,7 +133,7 @@ The feature mentioned above is useful to keep the API Token in a config file and
|
|
137
133
|
|
138
134
|
```yml
|
139
135
|
cli_options:
|
140
|
-
api_token: YOUR_API_TOKEN
|
136
|
+
api_token: 'YOUR_API_TOKEN'
|
141
137
|
```
|
142
138
|
|
143
139
|
## Load API Token From ENV (since v3.7.10)
|
@@ -17,7 +17,8 @@ module WPScan
|
|
17
17
|
'Maximum number of passwords to send by request with XMLRPC multicall'],
|
18
18
|
default: 500),
|
19
19
|
OptChoice.new(['--password-attack ATTACK',
|
20
|
-
'Force the supplied attack to be used rather than automatically determining one.'
|
20
|
+
'Force the supplied attack to be used rather than automatically determining one.',
|
21
|
+
'Multicall will only work against WP < 4.4'],
|
21
22
|
choices: %w[wp-login xmlrpc xmlrpc-multicall],
|
22
23
|
normalize: %i[downcase underscore to_sym]),
|
23
24
|
OptString.new(['--login-uri URI', 'The URI of the login page if different from /wp-login.php'])
|
data/lib/wpscan/db/updater.rb
CHANGED
@@ -73,7 +73,7 @@ module WPScan
|
|
73
73
|
# @return [ Hash ] The params for Typhoeus::Request
|
74
74
|
# @note Those params can't be overriden by CLI options
|
75
75
|
def request_params
|
76
|
-
@request_params ||= Browser.instance.
|
76
|
+
@request_params ||= Browser.instance.default_request_params.merge(
|
77
77
|
timeout: 600,
|
78
78
|
connecttimeout: 300,
|
79
79
|
accept_encoding: 'gzip, deflate',
|
data/lib/wpscan/db/vuln_api.rb
CHANGED
@@ -70,7 +70,7 @@ module WPScan
|
|
70
70
|
# @return [ Hash ]
|
71
71
|
# @note Those params can not be overriden by CLI options
|
72
72
|
def self.default_request_params
|
73
|
-
@default_request_params ||= Browser.instance.
|
73
|
+
@default_request_params ||= Browser.instance.default_request_params.merge(
|
74
74
|
headers: {
|
75
75
|
'User-Agent' => Browser.instance.default_user_agent,
|
76
76
|
'Authorization' => "Token token=#{token}"
|
data/lib/wpscan/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: wpscan
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.8.
|
4
|
+
version: 3.8.25
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- WPScanTeam
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2023-09-29 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: cms_scanner
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.13.
|
19
|
+
version: 0.13.9
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.13.
|
26
|
+
version: 0.13.9
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: bundler
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -72,14 +72,14 @@ dependencies:
|
|
72
72
|
requirements:
|
73
73
|
- - "~>"
|
74
74
|
- !ruby/object:Gem::Version
|
75
|
-
version: 3.
|
75
|
+
version: 3.12.0
|
76
76
|
type: :development
|
77
77
|
prerelease: false
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
79
79
|
requirements:
|
80
80
|
- - "~>"
|
81
81
|
- !ruby/object:Gem::Version
|
82
|
-
version: 3.
|
82
|
+
version: 3.12.0
|
83
83
|
- !ruby/object:Gem::Dependency
|
84
84
|
name: rspec-its
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|
@@ -170,14 +170,14 @@ dependencies:
|
|
170
170
|
requirements:
|
171
171
|
- - "~>"
|
172
172
|
- !ruby/object:Gem::Version
|
173
|
-
version: 3.
|
173
|
+
version: 3.19.1
|
174
174
|
type: :development
|
175
175
|
prerelease: false
|
176
176
|
version_requirements: !ruby/object:Gem::Requirement
|
177
177
|
requirements:
|
178
178
|
- - "~>"
|
179
179
|
- !ruby/object:Gem::Version
|
180
|
-
version: 3.
|
180
|
+
version: 3.19.1
|
181
181
|
description: WPScan is a black box WordPress vulnerability scanner.
|
182
182
|
email:
|
183
183
|
- contact@wpscan.com
|
@@ -390,7 +390,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
390
390
|
requirements:
|
391
391
|
- - ">="
|
392
392
|
- !ruby/object:Gem::Version
|
393
|
-
version: '2.
|
393
|
+
version: '2.7'
|
394
394
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
395
395
|
requirements:
|
396
396
|
- - ">="
|