wpscan 3.7.0 → 3.7.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 5e98820ee111e0a41e7cdc545d73daf107fc9ac8cec61b0553d19e5e85a8fc5f
4
- data.tar.gz: 72e974ecfbd200a92a123c7f315b587c3e8c20364390a202ca8b0ca978a08dfe
3
+ metadata.gz: 81f53ccbb472ba2f5eff49a7c422c41b7f70ace29d689620ab6ea7d51b52d9ae
4
+ data.tar.gz: d3f844eed945816cdc34e6e17ebf2b27f19c82c7e4f42766aaeb19793d618971
5
5
  SHA512:
6
- metadata.gz: bd2778249b8afdfa8a12317ea20b2f856285a83ade81b8e7935cd83721f5763a6f39c9e1b94e7dd8cdfa9f48c0e068bdaf95f3e949506b3ae96b65a0a992b0a3
7
- data.tar.gz: 7eb76604ef4f5a7b01dbc5dce70dd4cfa8f3f6d9093642615aae627dfa709dcf0a36ea9e1dae1c4208571946b4d09ca80e8f2496ddeae63660dd314e522e7fb6
6
+ metadata.gz: 1615d5c27b38ae8f2c157f22f8949f49484dadb2475e39f159133e289fd3f8e11986055c654dcde89a169e3a19f5dc6387b27c39c079e55d71561047e500ec75
7
+ data.tar.gz: 5eb01fd5777cb6c1128c9e91ca8d643decd77d46ff22a8de29cf80680ea0d60eb0934fc1aea1b16c7daaa41798a4a42a310833c061ccd6f8e94674c5e97f1b8e
data/README.md CHANGED
@@ -77,13 +77,19 @@ docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u1-1
77
77
 
78
78
  # Usage
79
79
 
80
- ```wpscan --url blog.tld``` This will scan the blog using default options with a good compromise between speed and accuracy. For example, the plugins will be checked passively but their version with a mixed detection mode (passively + aggressively). Potential config backup files will also be checked, along with other interesting findings. If a more stealthy approach is required, then ```wpscan --stealthy --url blog.tld``` can be used.
80
+ ```wpscan --url blog.tld``` This will scan the blog using default options with a good compromise between speed and accuracy. For example, the plugins will be checked passively but their version with a mixed detection mode (passively + aggressively). Potential config backup files will also be checked, along with other interesting findings.
81
+
82
+ If a more stealthy approach is required, then ```wpscan --stealthy --url blog.tld``` can be used.
81
83
  As a result, when using the ```--enumerate``` option, don't forget to set the ```--plugins-detection``` accordingly, as its default is 'passive'.
82
84
 
83
85
  For more options, open a terminal and type ```wpscan --help``` (if you built wpscan from the source, you should type the command outside of the git repo)
84
86
 
85
87
  The DB is located at ~/.wpscan/db
86
88
 
89
+ ## Vulnerability Database
90
+
91
+ The WPScan CLI tool uses the [WPVulnDB API](https://wpvulndb.com/api) to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the `--api-token` option, or via a configuration file, as discussed below. An API token can be obtained by registering an account on [WPVulnDB](https://wpvulndb.com/users/sign_up). Up to 50 API requests per day are given free of charge to registered users. Once the 50 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data. Users can upgrade to paid API usage to increase their API limits within their user profile on [WPVulnDB](https://wpvulndb.com/).
92
+
87
93
  ## Load CLI options from file/s
88
94
 
89
95
  WPScan can load all options (including the --url) from configuration files, the following locations are checked (order: first to last):
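Review bot: the new Vulnerability Database section documents `--api-token` and says the token can also be supplied from a configuration file, but does not say that the token is a credential tied to the user's WPVulnDB account. Add a sentence that config files holding `api_token` (in the locations listed under "Load CLI options from file/s") should be kept out of version control and given owner-only permissions, and that a token passed on the command line is visible in the process list and shell history. It would also help to state how WPScan signals that the daily quota has been exhausted, since the text says the scan "will continue to work as normal but without any vulnerability data" and a user needs to be able to tell that state apart from a clean result.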
@@ -124,7 +130,7 @@ cli_options:
124
130
  api_token: YOUR_API_TOKEN
125
131
  ```
126
132
 
127
- Enumerating usernames
133
+ ## Enumerating usernames
128
134
 
129
135
  ```shell
130
136
  wpscan --url https://target.tld/ --enumerate u
@@ -18,10 +18,10 @@ module WPScan
18
18
  choices: {
19
19
  vp: OptBoolean.new(['--vulnerable-plugins']),
20
20
  ap: OptBoolean.new(['--all-plugins']),
21
- p: OptBoolean.new(['--plugins']),
21
+ p: OptBoolean.new(['--popular-plugins']),
22
22
  vt: OptBoolean.new(['--vulnerable-themes']),
23
23
  at: OptBoolean.new(['--all-themes']),
24
- t: OptBoolean.new(['--themes']),
24
+ t: OptBoolean.new(['--popular-themes']),
25
25
  tt: OptBoolean.new(['--timthumbs']),
26
26
  cb: OptBoolean.new(['--config-backups']),
27
27
  dbe: OptBoolean.new(['--db-exports']),
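Review bot: renaming the long option from `--plugins` to `--popular-plugins` (and `--themes` to `--popular-themes`) changes the symbol that consumers read, which is why the later hunks switch `opts[:plugins]` and `opts[:themes]` to `opts[:popular_plugins]` and `opts[:popular_themes]`; the two sets of hunks must land together. The choice keys `p` and `t` are unchanged in this hunk. Any configuration file, documentation or spec that referenced the old names needs the same rename, and a CHANGELOG entry would make the change visible to users of the config-file interface.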
@@ -56,7 +56,7 @@ module WPScan
56
56
  #
57
57
  # @return [ Boolean ] Wether or not to enumerate the plugins
58
58
  def enum_plugins?(opts)
59
- opts[:plugins] || opts[:all_plugins] || opts[:vulnerable_plugins]
59
+ opts[:popular_plugins] || opts[:all_plugins] || opts[:vulnerable_plugins]
60
60
  end
61
61
 
62
62
  def enum_plugins
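Review bot: the context line `# @return [ Boolean ] Wether or not to enumerate the plugins` has a typo ("Wether" should be "Whether"); since this method is being edited, fix it here and in the matching `enum_themes?` comment. The `enum_plugins?` body itself is consistent with the `:popular_plugins` rename in the options hunk.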
@@ -92,7 +92,7 @@ module WPScan
92
92
 
93
93
  if opts[:enumerate][:all_plugins]
94
94
  DB::Plugins.all_slugs
95
- elsif opts[:enumerate][:plugins]
95
+ elsif opts[:enumerate][:popular_plugins]
96
96
  DB::Plugins.popular_slugs
97
97
  else
98
98
  DB::Plugins.vulnerable_slugs
@@ -103,7 +103,7 @@ module WPScan
103
103
  #
104
104
  # @return [ Boolean ] Wether or not to enumerate the themes
105
105
  def enum_themes?(opts)
106
- opts[:themes] || opts[:all_themes] || opts[:vulnerable_themes]
106
+ opts[:popular_themes] || opts[:all_themes] || opts[:vulnerable_themes]
107
107
  end
108
108
 
109
109
  def enum_themes
@@ -139,7 +139,7 @@ module WPScan
139
139
 
140
140
  if opts[:enumerate][:all_themes]
141
141
  DB::Themes.all_slugs
142
- elsif opts[:enumerate][:themes]
142
+ elsif opts[:enumerate][:popular_themes]
143
143
  DB::Themes.popular_slugs
144
144
  else
145
145
  DB::Themes.vulnerable_slugs
@@ -8,7 +8,7 @@ module WPScan
8
8
  include CMSScanner::Finders::Finder::BreadthFirstDictionaryAttack
9
9
 
10
10
  def login_request(username, password)
11
- target.method_call('wp.getUsersBlogs', [username, password])
11
+ target.method_call('wp.getUsersBlogs', [username, password], cache_ttl: 0)
12
12
  end
13
13
 
14
14
  def valid_credentials?(response)
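Review bot: passing `cache_ttl: 0` to `method_call` is the right fix for an authentication probe: with caching enabled, a second `login_request` against `wp.getUsersBlogs` could be answered from the cache of an earlier call, so `valid_credentials?` would be evaluated on a stale response. Add a spec asserting that `login_request` issues the call with `cache_ttl: 0`, so the behaviour is not lost in a later refactor.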
@@ -19,7 +19,7 @@ module WPScan
19
19
  end
20
20
  end
21
21
 
22
- target.multi_call(methods).run
22
+ target.multi_call(methods, cache_ttl: 0).run
23
23
  end
24
24
 
25
25
  # @param [ Array<Model::User> ] users
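Review bot: same fix as in `login_request`, applied to `multi_call`; both call sites now pass `cache_ttl: 0` by hand. If the `target` object can take a per-request default for these calls, setting it once there would be less fragile than remembering the keyword at each site.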
@@ -4,7 +4,7 @@ module WPScan
4
4
  module DB
5
5
  # WPVulnDB API
6
6
  class VulnApi
7
- NON_ERROR_CODES = [200, 401, 404].freeze
7
+ NON_ERROR_CODES = [200, 401].freeze
8
8
 
9
9
  class << self
10
10
  attr_accessor :token
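Review bot: dropping 404 from `NON_ERROR_CODES` on its own means a 404 falls through to `raise Error::HTTP, res`; the change is only correct together with the early `return {} if res.code == 404` added in the next hunk, so the two should be reviewed and merged as one. 401 is still treated as a non-error and its body is handed to `JSON.parse`: make sure an invalid or exhausted token produces a clear message for the user rather than silently yielding no vulnerability data, which a scan would otherwise present as a clean result.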
@@ -24,6 +24,7 @@ module WPScan
24
24
 
25
25
  res = Browser.get(uri.join(path), params.merge(request_params))
26
26
 
27
+ return {} if res.code == 404 # This is for API inconsistencies when dots in path
27
28
  return JSON.parse(res.body) if NON_ERROR_CODES.include?(res.code)
28
29
 
29
30
  raise Error::HTTP, res
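Review bot: `return {} if res.code == 404` makes "not found" indistinguishable from "no known vulnerabilities" for every caller of this method. The comment attributes the 404 to path components containing dots; the more robust fix is to encode that path component (or adjust how the path is built) so the API returns the intended resource, rather than swallowing the status code. If the early return has to stay, log the 404 at verbose level so that a genuinely missing endpoint or a changed API does not turn into a false-negative scan.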
@@ -109,6 +109,7 @@ module WPScan
109
109
  Browser.instance.forge_request(
110
110
  login_url,
111
111
  method: :post,
112
+ cache_ttl: 0,
112
113
  body: { log: username, pwd: password }
113
114
  )
114
115
  end
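Review bot: this is the third call site in this release that sets `cache_ttl: 0` on a credential check (XML-RPC `login_request`, `multi_call`, and now the wp-login `forge_request`). A shared helper, or a default on the Browser for authentication requests, would keep the next login path from regressing when the keyword is forgotten. The trailing comma after `cache_ttl: 0,` matches the existing style of the argument list.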
@@ -2,5 +2,5 @@
2
2
 
3
3
  # Version
4
4
  module WPScan
5
- VERSION = '3.7.0'
5
+ VERSION = '3.7.1'
6
6
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: wpscan
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.7.0
4
+ version: 3.7.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - WPScanTeam
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-09-13 00:00:00.000000000 Z
11
+ date: 2019-09-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: cms_scanner