wpscan 3.8.25 → 3.8.27
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +4 -2
- data/app/finders/db_exports/known_locations.rb +5 -1
- data/app/models/theme.rb +1 -1
- data/app/models/wp_version.rb +4 -0
- data/lib/wpscan/helper.rb +3 -0
- data/lib/wpscan/version.rb +1 -1
- metadata +8 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d29abda140d06c8127ca6b269520f1c8163a560a166ca6060cc10ece2ed5f090
|
4
|
+
data.tar.gz: 981f46f903788cd3a7b116a1da18c6fba8c2c020f1ad1abd3b474b3a218e42a1
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: c4846f77926360c315076a42fc554c7eaf1c58b843ef900bd692348f444473454d305e3d6e4faed8702a25235da381dfe9a945d99d52ff5ab229979fde0b2e62
|
7
|
+
data.tar.gz: 5e8d262320434724aba17e66568f8b3b43918fb27fa3992c31931e706097f33274d327024f982d6531e71a16b8e6c70cfd8ab251f6182fd0f80a083251cd2129
|
data/README.md
CHANGED
@@ -25,7 +25,7 @@
|
|
25
25
|
## Prerequisites
|
26
26
|
|
27
27
|
- (Optional but highly recommended: [RVM](https://rvm.io/rvm/install))
|
28
|
-
- Ruby >=
|
28
|
+
- Ruby >= 3.0 - Recommended: latest
|
29
29
|
- Curl >= 7.72 - Recommended: latest
|
30
30
|
- The 7.29 has a segfault
|
31
31
|
- The < 7.72 could result in `Stream error in the HTTP/2 framing layer` in some cases
|
@@ -38,7 +38,9 @@ When using a pentesting distubution (such as Kali Linux), it is recommended to i
|
|
38
38
|
|
39
39
|
### In macOSX via Homebrew
|
40
40
|
|
41
|
-
|
41
|
+
```shell
|
42
|
+
brew install wpscanteam/tap/wpscan
|
43
|
+
```
|
42
44
|
|
43
45
|
### From RubyGems
|
44
46
|
|
@@ -7,6 +7,10 @@ module WPScan
|
|
7
7
|
class KnownLocations < CMSScanner::Finders::Finder
|
8
8
|
include CMSScanner::Finders::Finder::Enumerator
|
9
9
|
|
10
|
+
def valid_response_codes
|
11
|
+
@valid_response_codes ||= [200, 206].freeze
|
12
|
+
end
|
13
|
+
|
10
14
|
SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE|ALTER) (?:TABLE|DATABASE)|INSERT INTO/.freeze
|
11
15
|
|
12
16
|
# @param [ Hash ] opts
|
@@ -17,7 +21,7 @@ module WPScan
|
|
17
21
|
def aggressive(opts = {})
|
18
22
|
found = []
|
19
23
|
|
20
|
-
enumerate(potential_urls(opts), opts.merge(check_full_response:
|
24
|
+
enumerate(potential_urls(opts), opts.merge(check_full_response: valid_response_codes)) do |res|
|
21
25
|
if res.effective_url.end_with?('.zip')
|
22
26
|
next unless %r{\Aapplication/zip}i.match?(res.headers['Content-Type'])
|
23
27
|
else
|
data/app/models/theme.rb
CHANGED
@@ -92,7 +92,7 @@ module WPScan
|
|
92
92
|
tags: 'Tags',
|
93
93
|
text_domain: 'Text Domain'
|
94
94
|
}.each do |attribute, tag|
|
95
|
-
instance_variable_set(:"@#{attribute}", parse_style_tag(style_body, tag))
|
95
|
+
instance_variable_set(:"@#{attribute}", parse_style_tag(style_body, tag)&.force_encoding('UTF-8'))
|
96
96
|
end
|
97
97
|
end
|
98
98
|
|
data/app/models/wp_version.rb
CHANGED
data/lib/wpscan/helper.rb
CHANGED
@@ -16,5 +16,8 @@ def classify_slug(slug)
|
|
16
16
|
classified = slug.to_s.gsub(/[^a-z\d\-]/i, '-').gsub(/-{1,}/, '_').camelize.to_s
|
17
17
|
classified = "D_#{classified}" if /\d/.match?(classified[0])
|
18
18
|
|
19
|
+
# Special case for slugs with all non-latin characters.
|
20
|
+
classified = "HexSlug_#{slug.bytes.map { |i| i.to_s(16) }.join}" if classified.empty?
|
21
|
+
|
19
22
|
classified.to_sym
|
20
23
|
end
|
data/lib/wpscan/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: wpscan
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.8.
|
4
|
+
version: 3.8.27
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- WPScanTeam
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2024-09-05 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: cms_scanner
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.14.3
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.14.3
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: bundler
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -128,14 +128,14 @@ dependencies:
|
|
128
128
|
requirements:
|
129
129
|
- - "~>"
|
130
130
|
- !ruby/object:Gem::Version
|
131
|
-
version: 0.
|
131
|
+
version: 0.22.0
|
132
132
|
type: :development
|
133
133
|
prerelease: false
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
135
135
|
requirements:
|
136
136
|
- - "~>"
|
137
137
|
- !ruby/object:Gem::Version
|
138
|
-
version: 0.
|
138
|
+
version: 0.22.0
|
139
139
|
- !ruby/object:Gem::Dependency
|
140
140
|
name: simplecov-lcov
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
@@ -390,14 +390,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
390
390
|
requirements:
|
391
391
|
- - ">="
|
392
392
|
- !ruby/object:Gem::Version
|
393
|
-
version: '
|
393
|
+
version: '3.0'
|
394
394
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
395
395
|
requirements:
|
396
396
|
- - ">="
|
397
397
|
- !ruby/object:Gem::Version
|
398
398
|
version: '0'
|
399
399
|
requirements: []
|
400
|
-
rubygems_version: 3.
|
400
|
+
rubygems_version: 3.2.33
|
401
401
|
signing_key:
|
402
402
|
specification_version: 4
|
403
403
|
summary: WPScan - WordPress Vulnerability Scanner
|