wpscan 3.8.9 → 3.8.14

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ccd5d089dbc719aed499e6cbe8792ac31003ff5e189a9387d75ec3b56bd59a4e
4
- data.tar.gz: 903bb417d674a4fb4c97be5cd4fc0d1ce77fc76c2e6f0ac41dad254c6b75775a
3
+ metadata.gz: d92987a79ce81cfccb4da098cda4a6a59c2e6e121f89f9f12e5419ea78abcdf9
4
+ data.tar.gz: b3f4cdf6692be6bafcab1438b0c53c85ea7b3fe12793170fa0b0321e855766e2
5
5
  SHA512:
6
- metadata.gz: 429646b6120ec540078ac08a432d3775b869fae0e3879a8cd6944814aca9a70db5fbff4046f37158e770ab59ac6f64731014d238204b98e4f4b7e108b51a94e9
7
- data.tar.gz: 12089aea65c2c1a98644517505299bcf7035822dcd6b0a695796fd95f90e6f4a145c97f8256cba6a340268b369ff7295ce715747074a9e34b2305cf40a8b75fd
6
+ metadata.gz: 5172e4e451cb1d8e114a5d36d430ffc16a9136398e07f1f48c7394b96b75eb239cbbe669436ebbc39701c5e9f083450558718a1543e383203a9b48888c60b801
7
+ data.tar.gz: 6da75bbfe51b69955b445f4043e233167924e6657ef1ec954b6cc037777d71c97b682f96505626ae795286b7a1641fbe2cfaf2fc231de482d871f04b86d1ce60
data/README.md CHANGED
@@ -1,5 +1,5 @@
1
1
  <p align="center">
2
- <a href="https://wpscan.org/">
2
+ <a href="https://wpscan.com/">
3
3
  <img src="https://raw.githubusercontent.com/wpscanteam/wpscan/gh-pages/images/wpscan_logo.png" alt="WPScan logo">
4
4
  </a>
5
5
  </p>
@@ -24,10 +24,11 @@
24
24
  ## Prerequisites
25
25
 
26
26
  - (Optional but highly recommended: [RVM](https://rvm.io/rvm/install))
27
- - Ruby >= 2.3 - Recommended: latest
27
+ - Ruby >= 2.5 - Recommended: latest
28
28
  - Ruby 2.5.0 to 2.5.3 can cause an 'undefined symbol: rmpd_util_str_to_d' error in some systems, see [#1283](https://github.com/wpscanteam/wpscan/issues/1283)
29
- - Curl >= 7.21 - Recommended: latest
29
+ - Curl >= 7.72 - Recommended: latest
30
30
  - The 7.29 has a segfault
31
+ - The < 7.72 could result in `Stream error in the HTTP/2 framing layer` in some cases
31
32
  - RubyGems - Recommended: latest
32
33
  - Nokogiri might require packages to be installed via your package manager depending on your OS, see https://nokogiri.org/tutorials/installing_nokogiri.html
33
34
 
@@ -35,6 +36,10 @@
35
36
 
36
37
  When using a pentesting distubution (such as Kali Linux), it is recommended to install/update wpscan via the package manager if available.
37
38
 
39
+ ### In macOSX via Homebrew
40
+
41
+ `brew install wpscanteam/tap/wpscan`
42
+
38
43
  ### From RubyGems
39
44
 
40
45
  ```shell
@@ -80,9 +85,19 @@ For more options, open a terminal and type ```wpscan --help``` (if you built wps
80
85
 
81
86
  The DB is located at ~/.wpscan/db
82
87
 
83
- ## Vulnerability Database
88
+ ## Optional: WordPress Vulnerability Database API
89
+
90
+ The WPScan CLI tool uses the [WordPress Vulnerability Database API](https://wpscan.com/api) to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the `--api-token` option, or via a configuration file, as discussed below. An API token can be obtained by registering an account on [WPScan.com](https://wpscan.com/register).
91
+
92
+ Up to 25 API requests per day are given free of charge, that should be suitable to scan most WordPress websites at least once per day. When the daily 25 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data. Users can upgrade to paid API usage to increase their API limits within their user profile on [WPScan.com](https://wpscan.com/).
93
+
94
+ #### The Free plan allows 25 API requests per day. View the different [available API plans](https://wpscan.com/api).
95
+
96
+ ### How many API requests do you need?
84
97
 
85
- The WPScan CLI tool uses the [WPScan API](https://wpscan.com/api) to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the `--api-token` option, or via a configuration file, as discussed below. An API token can be obtained by registering an account on [WPScan](https://wpscan.com/register). Up to 50 API requests per day are given free of charge to registered users. Once the 50 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data. Users can upgrade to paid API usage to increase their API limits within their user profile on [WPScan](https://wpscan.com/).
98
+ - Our WordPress scanner makes one API request for the WordPress version, one request per installed plugin and one request per installed theme.
99
+ - On average, a WordPress website has 22 installed plugins.
100
+ - The Free plan should cover around 50% of all WordPress websites.
86
101
 
87
102
  ## Load CLI options from file/s
88
103
 
@@ -176,7 +191,7 @@ Example cases which do not require a commercial license, and thus fall under the
176
191
  - Using WPScan to test your own systems.
177
192
  - Any non-commercial use of WPScan.
178
193
 
179
- If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - team@wpscan.org.
194
+ If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - contact@wpscan.com.
180
195
 
181
196
  Free-use Terms and Conditions;
182
197
 
@@ -8,13 +8,13 @@ module WPScan
8
8
  def cli_options
9
9
  [OptURL.new(['--url URL', 'The URL of the blog to scan'],
10
10
  required_unless: %i[update help hh version], default_protocol: 'http')] +
11
- super.drop(1) + # delete the --url from CMSScanner
11
+ super.drop(2) + # delete the --url and --force from CMSScanner
12
12
  [
13
13
  OptChoice.new(['--server SERVER', 'Force the supplied server module to be loaded'],
14
14
  choices: %w[apache iis nginx],
15
15
  normalize: %i[downcase to_sym],
16
16
  advanced: true),
17
- OptBoolean.new(['--force', 'Do not check if the target is running WordPress']),
17
+ OptBoolean.new(['--force', 'Do not check if the target is running WordPress or returns a 403']),
18
18
  OptBoolean.new(['--[no-]update', 'Whether or not to update the Database'])
19
19
  ]
20
20
  end
@@ -39,7 +39,7 @@ module WPScan
39
39
  output('@notice', msg: 'It seems like you have not updated the database for some time.')
40
40
  print '[?] Do you want to update now? [Y]es [N]o, default: [N]'
41
41
 
42
- /^y/i.match?(Readline.readline) ? true : false
42
+ /^y/i.match?(Readline.readline)
43
43
  end
44
44
 
45
45
  def update_db
@@ -19,7 +19,8 @@ module WPScan
19
19
  OptChoice.new(['--password-attack ATTACK',
20
20
  'Force the supplied attack to be used rather than automatically determining one.'],
21
21
  choices: %w[wp-login xmlrpc xmlrpc-multicall],
22
- normalize: %i[downcase underscore to_sym])
22
+ normalize: %i[downcase underscore to_sym]),
23
+ OptString.new(['--login-uri URI', 'The URI of the login page if different from /wp-login.php'])
23
24
  ]
24
25
  end
25
26
 
@@ -8,7 +8,10 @@ module WPScan
8
8
 
9
9
  def cli_options
10
10
  [
11
- OptString.new(['--api-token TOKEN', 'The WPVulnDB API Token to display vulnerability data'])
11
+ OptString.new(
12
+ ['--api-token TOKEN',
13
+ 'The WPScan API Token to display vulnerability data, available at https://wpscan.com/profile']
14
+ )
12
15
  ]
13
16
  end
14
17
 
@@ -19,7 +22,7 @@ module WPScan
19
22
 
20
23
  api_status = DB::VulnApi.status
21
24
 
22
- raise Error::InvalidApiToken if api_status['error']
25
+ raise Error::InvalidApiToken if api_status['status'] == 'forbidden'
23
26
  raise Error::ApiLimitReached if api_status['requests_remaining'] == 0
24
27
  raise api_status['http_error'] if api_status['http_error']
25
28
  end
@@ -7,7 +7,7 @@ module WPScan
7
7
  class KnownLocations < CMSScanner::Finders::Finder
8
8
  include CMSScanner::Finders::Finder::Enumerator
9
9
 
10
- SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE) TABLE|INSERT INTO/.freeze
10
+ SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE|ALTER) (?:TABLE|DATABASE)|INSERT INTO/.freeze
11
11
 
12
12
  # @param [ Hash ] opts
13
13
  # @option opts [ String ] :list
@@ -6,6 +6,7 @@ require_relative 'interesting_findings/multisite'
6
6
  require_relative 'interesting_findings/debug_log'
7
7
  require_relative 'interesting_findings/backup_db'
8
8
  require_relative 'interesting_findings/mu_plugins'
9
+ require_relative 'interesting_findings/php_disabled'
9
10
  require_relative 'interesting_findings/registration'
10
11
  require_relative 'interesting_findings/tmm_db_migrate'
11
12
  require_relative 'interesting_findings/upload_sql_dump'
@@ -26,7 +27,7 @@ module WPScan
26
27
  %w[
27
28
  Readme DebugLog FullPathDisclosure BackupDB DuplicatorInstallerLog
28
29
  Multisite MuPlugins Registration UploadDirectoryListing TmmDbMigrate
29
- UploadSQLDump EmergencyPwdResetScript WPCron
30
+ UploadSQLDump EmergencyPwdResetScript WPCron PHPDisabled
30
31
  ].each do |f|
31
32
  finders << InterestingFindings.const_get(f).new(target)
32
33
  end
@@ -0,0 +1,21 @@
1
+ # frozen_string_literal: true
2
+
3
+ module WPScan
4
+ module Finders
5
+ module InterestingFindings
6
+ # See https://github.com/wpscanteam/wpscan/issues/1593
7
+ class PHPDisabled < CMSScanner::Finders::Finder
8
+ PATTERN = /\$wp_version =/.freeze
9
+
10
+ # @return [ InterestingFinding ]
11
+ def aggressive(_opts = {})
12
+ path = 'wp-includes/version.php'
13
+
14
+ return unless PATTERN.match?(target.head_and_get(path).body)
15
+
16
+ Model::PHPDisabled.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
17
+ end
18
+ end
19
+ end
20
+ end
21
+ end
@@ -132,5 +132,19 @@ module WPScan
132
132
  }
133
133
  end
134
134
  end
135
+
136
+ class PHPDisabled < InterestingFinding
137
+ # @return [ String ]
138
+ def to_s
139
+ @to_s ||= 'PHP seems to be disabled'
140
+ end
141
+
142
+ # @return [ Hash ]
143
+ def references
144
+ @references ||= {
145
+ url: ['https://github.com/wpscanteam/wpscan/issues/1593']
146
+ }
147
+ end
148
+ end
135
149
  end
136
150
  end
@@ -63,7 +63,7 @@ module WPScan
63
63
  def webshot_enabled?
64
64
  res = Browser.get(url, params: { webshot: 1, src: "http://#{default_allowed_domains.sample}" })
65
65
 
66
- /WEBSHOT_ENABLED == true/.match?(res.body) ? false : true
66
+ !/WEBSHOT_ENABLED == true/.match?(res.body)
67
67
  end
68
68
 
69
69
  # @return [ Array<String> ] The default allowed domains (between the 2.0 and 2.8.13)
@@ -1,13 +1,13 @@
1
1
  <% unless @status.empty? -%>
2
2
  <% if @status['http_error'] -%>
3
- <%= critical_icon %> WPVulnDB API, <%= @status['http_error'].to_s %>
3
+ <%= critical_icon %> WPScan DB API, <%= @status['http_error'].to_s %>
4
4
  <% else -%>
5
- <%= info_icon %> WPVulnDB API OK
5
+ <%= info_icon %> WPScan DB API OK
6
6
  | Plan: <%= @status['plan'] %>
7
7
  | Requests Done (during the scan): <%= @api_requests %>
8
8
  | Requests Remaining: <%= @status['requests_remaining'] %>
9
9
  <% end -%>
10
10
  <% else -%>
11
- <%= warning_icon %> No WPVulnDB API Token given, as a result vulnerability data has not been output.
11
+ <%= warning_icon %> No WPScan API Token given, as a result vulnerability data has not been output.
12
12
  <%= warning_icon %> You can get a free API token with 50 daily requests by registering at https://wpscan.com/register
13
13
  <% end -%>
@@ -8,6 +8,6 @@
8
8
  "requests_remaining": <%= @status['requests_remaining'].to_json %>
9
9
  <% end -%>
10
10
  <% else -%>
11
- "error": "No WPVulnDB API Token given, as a result vulnerability data has not been output.\nYou can get a free API token with 50 daily requests by registering at https://wpscan.com/register"
11
+ "error": "No WPScan API Token given, as a result vulnerability data has not been output.\nYou can get a free API token with 50 daily requests by registering at https://wpscan.com/register"
12
12
  <% end -%>
13
13
  },
@@ -7,7 +7,7 @@ module WPScan
7
7
 
8
8
  # @return [ String ]
9
9
  def default_user_agent
10
- @default_user_agent ||= "WPScan v#{VERSION} (https://wpscan.org/)"
10
+ @default_user_agent ||= "WPScan v#{VERSION} (https://wpscan.com/wordpress-security-scanner)"
11
11
  end
12
12
  end
13
13
  end
@@ -4,7 +4,7 @@ module WPScan
4
4
  module DB
5
5
  # WPVulnDB API
6
6
  class VulnApi
7
- NON_ERROR_CODES = [200, 401].freeze
7
+ NON_ERROR_CODES = [200, 403].freeze
8
8
 
9
9
  class << self
10
10
  attr_accessor :token
@@ -26,7 +26,7 @@ module WPScan
26
26
  # Typhoeus.get is used rather than Browser.get to avoid merging irrelevant params from the CLI
27
27
  res = Typhoeus.get(uri.join(path), default_request_params.merge(params))
28
28
 
29
- return {} if res.code == 404 # This is for API inconsistencies when dots in path
29
+ return {} if res.code == 404 || res.code == 429
30
30
  return JSON.parse(res.body) if NON_ERROR_CODES.include?(res.code)
31
31
 
32
32
  raise Error::HTTP, res
@@ -34,6 +34,8 @@ module WPScan
34
34
  retries ||= 0
35
35
 
36
36
  if (retries += 1) <= 3
37
+ @default_request_params[:headers]['X-Retry'] = retries
38
+
37
39
  sleep(1)
38
40
  retry
39
41
  end
@@ -68,7 +70,7 @@ module WPScan
68
70
  # @return [ Hash ]
69
71
  # @note Those params can not be overriden by CLI options
70
72
  def self.default_request_params
71
- Browser.instance.default_connect_request_params.merge(
73
+ @default_request_params ||= Browser.instance.default_connect_request_params.merge(
72
74
  headers: {
73
75
  'User-Agent' => Browser.instance.default_user_agent,
74
76
  'Authorization' => "Token token=#{token}"
@@ -11,9 +11,10 @@ module WPScan
11
11
  module WordPress
12
12
  include CMSScanner::Target::Platform::PHP
13
13
 
14
- WORDPRESS_PATTERN = %r{/(?:(?:wp-content/(?:themes|(?:mu-)?plugins|uploads))|wp-includes)/}i.freeze
15
- WP_JSON_OEMBED_PATTERN = %r{/wp-json/oembed/}i.freeze
16
- WP_ADMIN_AJAX_PATTERN = %r{\\?/wp-admin\\?/admin-ajax\.php}i.freeze
14
+ WORDPRESS_PATTERN = %r{/(?:(?:wp-content/(?:themes|(?:mu-)?plugins|uploads))|wp-includes)/}i.freeze
15
+ WORDPRESS_HOSTED_PATTERN = %r{https?://s\d\.wp\.com#{WORDPRESS_PATTERN}}i.freeze
16
+ WP_JSON_OEMBED_PATTERN = %r{/wp-json/oembed/}i.freeze
17
+ WP_ADMIN_AJAX_PATTERN = %r{\\?/wp-admin\\?/admin-ajax\.php}i.freeze
17
18
 
18
19
  # These methods are used in the associated interesting_findings finders
19
20
  # to keep the boolean state of the finding rather than re-check the whole thing again
@@ -103,11 +104,8 @@ module WPScan
103
104
  return true if /\.wordpress\.com$/i.match?(uri.host)
104
105
 
105
106
  unless content_dir
106
- pattern = %r{https?://s\d\.wp\.com#{WORDPRESS_PATTERN}}i.freeze
107
- xpath = '(//@href|//@src)[contains(., "wp.com")]'
108
-
109
- uris_from_page(homepage_res, xpath) do |uri|
110
- return true if uri.to_s.match?(pattern)
107
+ uris_from_page(homepage_res, '(//@href|//@src)[contains(., "wp.com")]') do |uri|
108
+ return true if uri.to_s.match?(WORDPRESS_HOSTED_PATTERN)
111
109
  end
112
110
  end
113
111
 
@@ -139,11 +137,14 @@ module WPScan
139
137
  # the first time the method is called, and the effective_url is then used
140
138
  # if suitable, otherwise the default wp-login will be.
141
139
  #
140
+ # If the login_uri CLI option has been provided, it will be returne w/o redirection check.
141
+ #
142
142
  # @return [ String, false ] The URL to the login page or false if not detected
143
143
  def login_url
144
144
  return @login_url unless @login_url.nil?
145
+ return @login_url = url(ParsedCli.login_uri) if ParsedCli.login_uri
145
146
 
146
- @login_url = url('wp-login.php') # TODO: url(ParsedCli.login_uri)
147
+ @login_url = url('wp-login.php')
147
148
 
148
149
  res = Browser.get_and_follow_location(@login_url)
149
150
 
@@ -7,7 +7,8 @@ module Typhoeus
7
7
  #
8
8
  # @return [ Boolean ]
9
9
  def from_vuln_api?
10
- effective_url.start_with?(WPScan::DB::VulnApi.uri.to_s) && !effective_url.include?('/status')
10
+ effective_url.start_with?(WPScan::DB::VulnApi.uri.to_s) &&
11
+ !effective_url.start_with?(WPScan::DB::VulnApi.uri.join('status').to_s)
11
12
  end
12
13
  end
13
14
  end
@@ -2,5 +2,5 @@
2
2
 
3
3
  # Version
4
4
  module WPScan
5
- VERSION = '3.8.9'
5
+ VERSION = '3.8.14'
6
6
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: wpscan
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.8.9
4
+ version: 3.8.14
5
5
  platform: ruby
6
6
  authors:
7
7
  - WPScanTeam
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-10-16 00:00:00.000000000 Z
11
+ date: 2021-02-01 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: cms_scanner
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 0.12.1
19
+ version: 0.13.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 0.12.1
26
+ version: 0.13.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: bundler
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -44,14 +44,14 @@ dependencies:
44
44
  requirements:
45
45
  - - "~>"
46
46
  - !ruby/object:Gem::Version
47
- version: 0.9.13
47
+ version: 1.0.0
48
48
  type: :development
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
- version: 0.9.13
54
+ version: 1.0.0
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: rake
57
57
  requirement: !ruby/object:Gem::Requirement
@@ -72,14 +72,14 @@ dependencies:
72
72
  requirements:
73
73
  - - "~>"
74
74
  - !ruby/object:Gem::Version
75
- version: 3.9.0
75
+ version: 3.10.0
76
76
  type: :development
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
80
  - - "~>"
81
81
  - !ruby/object:Gem::Version
82
- version: 3.9.0
82
+ version: 3.10.0
83
83
  - !ruby/object:Gem::Dependency
84
84
  name: rspec-its
85
85
  requirement: !ruby/object:Gem::Requirement
@@ -100,42 +100,42 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 0.93.0
103
+ version: 1.9.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 0.93.0
110
+ version: 1.9.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: rubocop-performance
113
113
  requirement: !ruby/object:Gem::Requirement
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 1.8.0
117
+ version: 1.9.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 1.8.0
124
+ version: 1.9.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: simplecov
127
127
  requirement: !ruby/object:Gem::Requirement
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: 0.19.0
131
+ version: 0.21.0
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: 0.19.0
138
+ version: 0.21.0
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: simplecov-lcov
141
141
  requirement: !ruby/object:Gem::Requirement
@@ -170,17 +170,17 @@ dependencies:
170
170
  requirements:
171
171
  - - "~>"
172
172
  - !ruby/object:Gem::Version
173
- version: 3.9.0
173
+ version: 3.11.0
174
174
  type: :development
175
175
  prerelease: false
176
176
  version_requirements: !ruby/object:Gem::Requirement
177
177
  requirements:
178
178
  - - "~>"
179
179
  - !ruby/object:Gem::Version
180
- version: 3.9.0
180
+ version: 3.11.0
181
181
  description: WPScan is a black box WordPress vulnerability scanner.
182
182
  email:
183
- - team@wpscan.org
183
+ - contact@wpscan.com
184
184
  executables:
185
185
  - wpscan
186
186
  extensions: []
@@ -213,6 +213,7 @@ files:
213
213
  - app/finders/interesting_findings/full_path_disclosure.rb
214
214
  - app/finders/interesting_findings/mu_plugins.rb
215
215
  - app/finders/interesting_findings/multisite.rb
216
+ - app/finders/interesting_findings/php_disabled.rb
216
217
  - app/finders/interesting_findings/readme.rb
217
218
  - app/finders/interesting_findings/registration.rb
218
219
  - app/finders/interesting_findings/tmm_db_migrate.rb
@@ -377,7 +378,7 @@ files:
377
378
  - lib/wpscan/version.rb
378
379
  - lib/wpscan/vulnerability.rb
379
380
  - lib/wpscan/vulnerable.rb
380
- homepage: https://wpscan.org/
381
+ homepage: https://wpscan.com/wordpress-security-scanner
381
382
  licenses:
382
383
  - Dual
383
384
  metadata: {}