wpscan 3.8.25 → 3.8.27

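--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 48e1401dae252247e3d9a8c2f10d18bbf0b7b49e28a6b841e0462fe080ebce39
- data.tar.gz: fce0a22e6f78ab616b11446ec6f049002b10aaf6c7d37fe333189de58a7ec444
+ metadata.gz: d29abda140d06c8127ca6b269520f1c8163a560a166ca6060cc10ece2ed5f090
+ data.tar.gz: 981f46f903788cd3a7b116a1da18c6fba8c2c020f1ad1abd3b474b3a218e42a1
  SHA512:
- metadata.gz: 52c42ec12834ac64777d40b06cac6bc1c1f7934a7c239ba065a604be7ea536a70c89e34120cf77d960401d188330ea06a83072f7a4843aa1e02fded7eff39e7c
- data.tar.gz: 37742dc5f1487abd4c428dbc3b77303d7fd81c4ef2256666e45047fb1a03f170b6a5e136620defb15358ed0776ea95deeeb68a05af38639fe3195a8a16ad8c79
+ metadata.gz: c4846f77926360c315076a42fc554c7eaf1c58b843ef900bd692348f444473454d305e3d6e4faed8702a25235da381dfe9a945d99d52ff5ab229979fde0b2e62
+ data.tar.gz: 5e8d262320434724aba17e66568f8b3b43918fb27fa3992c31931e706097f33274d327024f982d6531e71a16b8e6c70cfd8ab251f6182fd0f80a083251cd2129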
data/README.md CHANGED
@@ -25,7 +25,7 @@
25
25
  ## Prerequisites
26
26
 
27
27
  - (Optional but highly recommended: [RVM](https://rvm.io/rvm/install))
28
- - Ruby >= 2.7 - Recommended: latest
28
+ - Ruby >= 3.0 - Recommended: latest
29
29
  - Curl >= 7.72 - Recommended: latest
30
30
  - The 7.29 has a segfault
31
31
  - The < 7.72 could result in `Stream error in the HTTP/2 framing layer` in some cases
@@ -38,7 +38,9 @@ When using a pentesting distubution (such as Kali Linux), it is recommended to i
38
38
 
39
39
  ### In macOSX via Homebrew
40
40
 
41
- `brew install wpscanteam/tap/wpscan`
41
+ ```shell
42
+ brew install wpscanteam/tap/wpscan
43
+ ```
42
44
 
43
45
  ### From RubyGems
44
46
 
@@ -7,6 +7,10 @@ module WPScan
7
7
  class KnownLocations < CMSScanner::Finders::Finder
8
8
  include CMSScanner::Finders::Finder::Enumerator
9
9
 
10
+ def valid_response_codes
11
+ @valid_response_codes ||= [200, 206].freeze
12
+ end
13
+
10
14
  SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE|ALTER) (?:TABLE|DATABASE)|INSERT INTO/.freeze
11
15
 
12
16
  # @param [ Hash ] opts
@@ -17,7 +21,7 @@ module WPScan
17
21
  def aggressive(opts = {})
18
22
  found = []
19
23
 
20
- enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res|
24
+ enumerate(potential_urls(opts), opts.merge(check_full_response: valid_response_codes)) do |res|
21
25
  if res.effective_url.end_with?('.zip')
22
26
  next unless %r{\Aapplication/zip}i.match?(res.headers['Content-Type'])
23
27
  else
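Review bot: The added `valid_response_codes` in `KnownLocations` has no doc comment, while the method below it carries YARD tags, and nothing records why 206 now counts as a hit. A 206 response carries only part of the file, so the content checks inside `aggressive` (the zip `Content-Type` test shown here, and whatever follows the `else`, which is outside the hunk) may run against a truncated body. A comment such as `# @return [ Array<Integer> ] 200, plus 206 for servers that answer with partial content; the body may be incomplete` would tell the next maintainer this is intended. The page shows no file header for these two hunks, so their path is not visible; they are listed under the README section.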
data/app/models/theme.rb CHANGED
@@ -92,7 +92,7 @@ module WPScan
92
92
  tags: 'Tags',
93
93
  text_domain: 'Text Domain'
94
94
  }.each do |attribute, tag|
95
- instance_variable_set(:"@#{attribute}", parse_style_tag(style_body, tag))
95
+ instance_variable_set(:"@#{attribute}", parse_style_tag(style_body, tag)&.force_encoding('UTF-8'))
96
96
  end
97
97
  end
98
98
 
@@ -25,6 +25,10 @@ module WPScan
25
25
 
26
26
  @all_numbers = []
27
27
 
28
+ DB::Version.metadata.each_key do |ver|
29
+ @all_numbers << ver
30
+ end
31
+
28
32
  DB::Fingerprints.wp_fingerprints.each_value do |fp|
29
33
  @all_numbers << fp.values
30
34
  end
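Review bot: `force_encoding('UTF-8')` in the style-tag loop only relabels the bytes and does not validate them, and `style_body` is content fetched from the scanned site. A stylesheet header written in another encoding leaves an invalid UTF-8 string in the attribute, which can later raise `ArgumentError` (invalid byte sequence) in a regexp match or when the result is serialised. Appending a scrub, `parse_style_tag(style_body, tag)&.force_encoding('UTF-8')&.scrub`, would keep the stored values valid. `force_encoding` also mutates its receiver, so this presumably relies on `parse_style_tag` never returning a frozen string; that method, the start of the hash literal and the enclosing method are all outside the hunk.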
data/lib/wpscan/helper.rb CHANGED
@@ -16,5 +16,8 @@ def classify_slug(slug)
16
16
  classified = slug.to_s.gsub(/[^a-z\d\-]/i, '-').gsub(/-{1,}/, '_').camelize.to_s
17
17
  classified = "D_#{classified}" if /\d/.match?(classified[0])
18
18
 
19
+ # Special case for slugs with all non-latin characters.
20
+ classified = "HexSlug_#{slug.bytes.map { |i| i.to_s(16) }.join}" if classified.empty?
21
+
19
22
  classified.to_sym
20
23
  end
@@ -2,5 +2,5 @@
2
2
 
3
3
  # Version
4
4
  module WPScan
5
- VERSION = '3.8.25'
5
+ VERSION = '3.8.27'
6
6
  end
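Review bot: The new fallback in `classify_slug` calls `slug.bytes` on the raw argument while the line above it uses `slug.to_s`, so a `nil` or Symbol slug that would previously have yielded an empty symbol now raises `NoMethodError`. `i.to_s(16)` also does not zero-pad, so byte values below 0x10 produce a single digit and two different slugs can map to the same name. `classified = "HexSlug_#{slug.to_s.unpack1('H*')}" if classified.empty?` covers both. An empty slug would still become `HexSlug_`, which may deserve its own guard.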
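--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: wpscan
  version: !ruby/object:Gem::Version
- version: 3.8.25
+ version: 3.8.27
  platform: ruby
  authors:
  - WPScanTeam
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-09-29 00:00:00.000000000 Z
+ date: 2024-09-05 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: cms_scanner
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.13.9
+ version: 0.14.3
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.13.9
+ version: 0.14.3
  - !ruby/object:Gem::Dependency
  name: bundler
  requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.21.0
+ version: 0.22.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.21.0
+ version: 0.22.0
  - !ruby/object:Gem::Dependency
  name: simplecov-lcov
  requirement: !ruby/object:Gem::Requirement
@@ -390,14 +390,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '2.7'
+ version: '3.0'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.0.3.1
+ rubygems_version: 3.2.33
  signing_key:
  specification_version: 4
  summary: WPScan - WordPress Vulnerability Scanner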