RubyGems - wpscan - Versions diffs - 3.8.1 → 3.8.2 - Mend

wpscan 3.8.1 → 3.8.2

Files changed (6) hide show

checksums.yaml +4 -4
data/README.md +7 -13
data/app/finders/db_exports/known_locations.rb +1 -1
data/app/finders/passwords/xml_rpc_multicall.rb +13 -6
data/lib/wpscan/version.rb +1 -1
metadata +8 -8

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f45c3ef9c7678acbc8608e823e3bd251dad461cde0b524fc57aa68447790f302
-  data.tar.gz: 4d3946d3dabbbb94f3eccf83956d31545155071588bc5aafb5f5aea452257172
+  metadata.gz: '095c33e6d410081b90f0ea858284cd4c2040b551830fd1756ab7f70dcae34022'
+  data.tar.gz: b8f36a805212d33d7448ebba76a908a2a0cf51e72d1b3df6ce3e434987359864
 SHA512:
-  metadata.gz: 0adff2352b84b2f791c2b71fa63ec95d03ff3244baa86f04de0fc469193099708065fce65c09a54891edd61ef71d647d711e7627835c5d480ce3f97fe1a8339e
-  data.tar.gz: 677af33b40cbdab1435d65780c4ee89eed0757bdc9981a002572bb0478391eade2eca9706c6288b9083c7b2ff6db0857495914cbde0960b09b5a937438ea24c1
+  metadata.gz: 921466d7d508f0d6f6dddd8e53bab8bf1ce0a7202c778f477ce669c724c9a5348a3e94befafc51e18a331dcc8566946c330493c69c415ba8701612bc59efe4ad
+  data.tar.gz: eba875df92089460d02b2bf8b4d00b47149f3d176ff203767dbe02b4a20612db0e868c3b3f17e1e5b3a1f16096f1d89d704ecbbee854cc5f2de7a3b39fea6855

data/README.md CHANGED

@@ -31,7 +31,11 @@
 - RubyGems      - Recommended: latest
 - Nokogiri might require packages to be installed via your package manager depending on your OS, see https://nokogiri.org/tutorials/installing_nokogiri.html
-### From RubyGems (Recommended)
+### In a Pentesting distribution
+When using a pentesting distubution (such as Kali Linux), it is recommended to install/update wpscan via the package manager if available.
+### From RubyGems
 ```shell
 gem install wpscan
@@ -39,18 +43,6 @@ gem install wpscan
 On MacOSX, if a ```Gem::FilePermissionError``` is raised due to the Apple's System Integrity Protection (SIP), either install RVM and install wpscan again, or run ```sudo gem install -n /usr/local/bin wpscan``` (see [#1286](https://github.com/wpscanteam/wpscan/issues/1286))
-### From sources (NOT Recommended)
-Prerequisites: Git
-```shell
-git clone https://github.com/wpscanteam/wpscan
-cd wpscan/
-bundle install && rake install
-```
 # Updating
 You can update the local database by using ```wpscan --update```
@@ -77,6 +69,8 @@ docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u1-1
 # Usage
+Full user documentation can be found here; https://github.com/wpscanteam/wpscan/wiki/WPScan-User-Documentation
 ```wpscan --url blog.tld``` This will scan the blog using default options with a good compromise between speed and accuracy. For example, the plugins will be checked passively but their version with a mixed detection mode (passively + aggressively). Potential config backup files will also be checked, along with other interesting findings.
 If a more stealthy approach is required, then ```wpscan --stealthy --url blog.tld``` can be used.

data/app/finders/db_exports/known_locations.rb CHANGED

@@ -40,7 +40,7 @@ module WPScan
         # @return [ Hash ]
         def potential_urls(opts = {})
           urls        = {}
-          domain_name = PublicSuffix.domain(target.uri.host)[/(^[\w|-]+)/, 1]
+          domain_name = (PublicSuffix.domain(target.uri.host) || target.uri.host)[/(^[\w|-]+)/, 1]
           File.open(opts[:list]).each_with_index do |path, index|
             path.gsub!('{domain_name}', domain_name)

data/app/finders/passwords/xml_rpc_multicall.rb CHANGED

@@ -75,17 +75,20 @@ module WPScan
                 progress_bar.stop
                 break
               end
-              progress_bar.total = progress_bar.progress + ((passwords.size - wordlist_index) / current_passwords_size.round(1)).ceil
+              begin
+                progress_bar.total = progress_bar.progress + ((passwords.size - wordlist_index) / current_passwords_size.round(1)).ceil
+              rescue ProgressBar::InvalidProgressError
+              end
             end
           end
           # Maybe a progress_bar.stop ?
         end
-        # rubocop:disable all
+        # rubocop:enable all
         def passwords_size(max_passwords, users_size)
           return 1 if max_passwords < users_size
-          return 0 if users_size == 0
+          return 0 if users_size.zero?
           max_passwords / users_size
         end
@@ -94,9 +97,13 @@ module WPScan
         def check_and_output_errors(res)
           progress_bar.log("Incorrect response: #{res.code} / #{res.return_message}") unless res.code == 200
-          progress_bar.log('Parsing error, might be caused by a too high --max-passwords value (such as >= 2k)') if res.body =~ /parse error. not well formed/i
+          if /parse error. not well formed/i.match?(res.body)
+            progress_bar.log('Parsing error, might be caused by a too high --max-passwords value (such as >= 2k)')
+          end
+          return unless /requested method [^ ]+ does not exist/i.match?(res.body)
-          progress_bar.log('The requested method is not supported') if res.body =~ /requested method [^ ]+ does not exist/i
+          progress_bar.log('The requested method is not supported')
         end
       end
     end

data/lib/wpscan/version.rb CHANGED

@@ -2,5 +2,5 @@
 # Version
 module WPScan
-  VERSION = '3.8.1'
+  VERSION = '3.8.2'
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: wpscan
 version: !ruby/object:Gem::Version
-  version: 3.8.1
+  version: 3.8.2
 platform: ruby
 authors:
 - WPScanTeam
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-04-16 00:00:00.000000000 Z
+date: 2020-06-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cms_scanner
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.10.0
+        version: 0.10.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.10.0
+        version: 0.10.1
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -100,28 +100,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.81.0
+        version: 0.85.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.81.0
+        version: 0.85.0
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.5.0
+        version: 1.6.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.5.0
+        version: 1.6.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement