wpscan 3.8.1 → 3.8.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +7 -13
- data/app/finders/db_exports/known_locations.rb +1 -1
- data/app/finders/passwords/xml_rpc_multicall.rb +13 -6
- data/lib/wpscan/version.rb +1 -1
- metadata +8 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '095c33e6d410081b90f0ea858284cd4c2040b551830fd1756ab7f70dcae34022'
|
|
4
|
+
data.tar.gz: b8f36a805212d33d7448ebba76a908a2a0cf51e72d1b3df6ce3e434987359864
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 921466d7d508f0d6f6dddd8e53bab8bf1ce0a7202c778f477ce669c724c9a5348a3e94befafc51e18a331dcc8566946c330493c69c415ba8701612bc59efe4ad
|
|
7
|
+
data.tar.gz: eba875df92089460d02b2bf8b4d00b47149f3d176ff203767dbe02b4a20612db0e868c3b3f17e1e5b3a1f16096f1d89d704ecbbee854cc5f2de7a3b39fea6855
|
data/README.md
CHANGED
|
@@ -31,7 +31,11 @@
|
|
|
31
31
|
- RubyGems - Recommended: latest
|
|
32
32
|
- Nokogiri might require packages to be installed via your package manager depending on your OS, see https://nokogiri.org/tutorials/installing_nokogiri.html
|
|
33
33
|
|
|
34
|
-
###
|
|
34
|
+
### In a Pentesting distribution
|
|
35
|
+
|
|
36
|
+
When using a pentesting distubution (such as Kali Linux), it is recommended to install/update wpscan via the package manager if available.
|
|
37
|
+
|
|
38
|
+
### From RubyGems
|
|
35
39
|
|
|
36
40
|
```shell
|
|
37
41
|
gem install wpscan
|
|
@@ -39,18 +43,6 @@ gem install wpscan
|
|
|
39
43
|
|
|
40
44
|
On MacOSX, if a ```Gem::FilePermissionError``` is raised due to the Apple's System Integrity Protection (SIP), either install RVM and install wpscan again, or run ```sudo gem install -n /usr/local/bin wpscan``` (see [#1286](https://github.com/wpscanteam/wpscan/issues/1286))
|
|
41
45
|
|
|
42
|
-
### From sources (NOT Recommended)
|
|
43
|
-
|
|
44
|
-
Prerequisites: Git
|
|
45
|
-
|
|
46
|
-
```shell
|
|
47
|
-
git clone https://github.com/wpscanteam/wpscan
|
|
48
|
-
|
|
49
|
-
cd wpscan/
|
|
50
|
-
|
|
51
|
-
bundle install && rake install
|
|
52
|
-
```
|
|
53
|
-
|
|
54
46
|
# Updating
|
|
55
47
|
|
|
56
48
|
You can update the local database by using ```wpscan --update```
|
|
@@ -77,6 +69,8 @@ docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u1-1
|
|
|
77
69
|
|
|
78
70
|
# Usage
|
|
79
71
|
|
|
72
|
+
Full user documentation can be found here; https://github.com/wpscanteam/wpscan/wiki/WPScan-User-Documentation
|
|
73
|
+
|
|
80
74
|
```wpscan --url blog.tld``` This will scan the blog using default options with a good compromise between speed and accuracy. For example, the plugins will be checked passively but their version with a mixed detection mode (passively + aggressively). Potential config backup files will also be checked, along with other interesting findings.
|
|
81
75
|
|
|
82
76
|
If a more stealthy approach is required, then ```wpscan --stealthy --url blog.tld``` can be used.
|
|
@@ -40,7 +40,7 @@ module WPScan
|
|
|
40
40
|
# @return [ Hash ]
|
|
41
41
|
def potential_urls(opts = {})
|
|
42
42
|
urls = {}
|
|
43
|
-
domain_name = PublicSuffix.domain(target.uri.host)[/(^[\w|-]+)/, 1]
|
|
43
|
+
domain_name = (PublicSuffix.domain(target.uri.host) || target.uri.host)[/(^[\w|-]+)/, 1]
|
|
44
44
|
|
|
45
45
|
File.open(opts[:list]).each_with_index do |path, index|
|
|
46
46
|
path.gsub!('{domain_name}', domain_name)
|
|
@@ -75,17 +75,20 @@ module WPScan
|
|
|
75
75
|
progress_bar.stop
|
|
76
76
|
break
|
|
77
77
|
end
|
|
78
|
-
|
|
79
|
-
|
|
78
|
+
|
|
79
|
+
begin
|
|
80
|
+
progress_bar.total = progress_bar.progress + ((passwords.size - wordlist_index) / current_passwords_size.round(1)).ceil
|
|
81
|
+
rescue ProgressBar::InvalidProgressError
|
|
82
|
+
end
|
|
80
83
|
end
|
|
81
84
|
end
|
|
82
85
|
# Maybe a progress_bar.stop ?
|
|
83
86
|
end
|
|
84
|
-
# rubocop:
|
|
87
|
+
# rubocop:enable all
|
|
85
88
|
|
|
86
89
|
def passwords_size(max_passwords, users_size)
|
|
87
90
|
return 1 if max_passwords < users_size
|
|
88
|
-
return 0 if users_size
|
|
91
|
+
return 0 if users_size.zero?
|
|
89
92
|
|
|
90
93
|
max_passwords / users_size
|
|
91
94
|
end
|
|
@@ -94,9 +97,13 @@ module WPScan
|
|
|
94
97
|
def check_and_output_errors(res)
|
|
95
98
|
progress_bar.log("Incorrect response: #{res.code} / #{res.return_message}") unless res.code == 200
|
|
96
99
|
|
|
97
|
-
|
|
100
|
+
if /parse error. not well formed/i.match?(res.body)
|
|
101
|
+
progress_bar.log('Parsing error, might be caused by a too high --max-passwords value (such as >= 2k)')
|
|
102
|
+
end
|
|
103
|
+
|
|
104
|
+
return unless /requested method [^ ]+ does not exist/i.match?(res.body)
|
|
98
105
|
|
|
99
|
-
progress_bar.log('The requested method is not supported')
|
|
106
|
+
progress_bar.log('The requested method is not supported')
|
|
100
107
|
end
|
|
101
108
|
end
|
|
102
109
|
end
|
data/lib/wpscan/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: wpscan
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.8.
|
|
4
|
+
version: 3.8.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- WPScanTeam
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-06-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: cms_scanner
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.10.
|
|
19
|
+
version: 0.10.1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.10.
|
|
26
|
+
version: 0.10.1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: bundler
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,28 +100,28 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 0.
|
|
103
|
+
version: 0.85.0
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 0.
|
|
110
|
+
version: 0.85.0
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: rubocop-performance
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
|
114
114
|
requirements:
|
|
115
115
|
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 1.
|
|
117
|
+
version: 1.6.0
|
|
118
118
|
type: :development
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
122
|
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: 1.
|
|
124
|
+
version: 1.6.0
|
|
125
125
|
- !ruby/object:Gem::Dependency
|
|
126
126
|
name: simplecov
|
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|