wpscan 3.8.25 → 3.8.26
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +4 -2
- data/app/finders/db_exports/known_locations.rb +5 -1
- data/app/models/theme.rb +1 -1
- data/app/models/wp_version.rb +4 -0
- data/lib/wpscan/helper.rb +3 -0
- data/lib/wpscan/version.rb +1 -1
- metadata +8 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f4c0a992941a0d2f853807d26044152e1be735612de635009344aa0d09771fe5
|
|
4
|
+
data.tar.gz: c6be4010e882cd3a0c2b7413cd4b701ace9aa4815eccabcc2fc1c44cb6868cf0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1b745c2b437e7ef151ca02f96f2e92033432f210d840e00043162f5e22150069aaa81183bc2c9c0e27851daf7cec5542dc05c15b73a905c8753b133fe533630d
|
|
7
|
+
data.tar.gz: cd12ea2c6f19a67141c35d3621b08e7ca19c17c681511a08939149442f0581e99f7444b625d0037c0d079f3f3f8c6936ae63a69893c7044eb033a8387b3cf859
|
data/README.md
CHANGED
|
@@ -25,7 +25,7 @@
|
|
|
25
25
|
## Prerequisites
|
|
26
26
|
|
|
27
27
|
- (Optional but highly recommended: [RVM](https://rvm.io/rvm/install))
|
|
28
|
-
- Ruby >=
|
|
28
|
+
- Ruby >= 3.0 - Recommended: latest
|
|
29
29
|
- Curl >= 7.72 - Recommended: latest
|
|
30
30
|
- The 7.29 has a segfault
|
|
31
31
|
- The < 7.72 could result in `Stream error in the HTTP/2 framing layer` in some cases
|
|
@@ -38,7 +38,9 @@ When using a pentesting distubution (such as Kali Linux), it is recommended to i
|
|
|
38
38
|
|
|
39
39
|
### In macOSX via Homebrew
|
|
40
40
|
|
|
41
|
-
|
|
41
|
+
```shell
|
|
42
|
+
brew install wpscanteam/tap/wpscan
|
|
43
|
+
```
|
|
42
44
|
|
|
43
45
|
### From RubyGems
|
|
44
46
|
|
|
@@ -7,6 +7,10 @@ module WPScan
|
|
|
7
7
|
class KnownLocations < CMSScanner::Finders::Finder
|
|
8
8
|
include CMSScanner::Finders::Finder::Enumerator
|
|
9
9
|
|
|
10
|
+
def valid_response_codes
|
|
11
|
+
@valid_response_codes ||= [200, 206].freeze
|
|
12
|
+
end
|
|
13
|
+
|
|
10
14
|
SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE|ALTER) (?:TABLE|DATABASE)|INSERT INTO/.freeze
|
|
11
15
|
|
|
12
16
|
# @param [ Hash ] opts
|
|
@@ -17,7 +21,7 @@ module WPScan
|
|
|
17
21
|
def aggressive(opts = {})
|
|
18
22
|
found = []
|
|
19
23
|
|
|
20
|
-
enumerate(potential_urls(opts), opts.merge(check_full_response:
|
|
24
|
+
enumerate(potential_urls(opts), opts.merge(check_full_response: valid_response_codes)) do |res|
|
|
21
25
|
if res.effective_url.end_with?('.zip')
|
|
22
26
|
next unless %r{\Aapplication/zip}i.match?(res.headers['Content-Type'])
|
|
23
27
|
else
|
data/app/models/theme.rb
CHANGED
|
@@ -92,7 +92,7 @@ module WPScan
|
|
|
92
92
|
tags: 'Tags',
|
|
93
93
|
text_domain: 'Text Domain'
|
|
94
94
|
}.each do |attribute, tag|
|
|
95
|
-
instance_variable_set(:"@#{attribute}", parse_style_tag(style_body, tag))
|
|
95
|
+
instance_variable_set(:"@#{attribute}", parse_style_tag(style_body, tag)&.force_encoding('UTF-8'))
|
|
96
96
|
end
|
|
97
97
|
end
|
|
98
98
|
|
data/app/models/wp_version.rb
CHANGED
data/lib/wpscan/helper.rb
CHANGED
|
@@ -16,5 +16,8 @@ def classify_slug(slug)
|
|
|
16
16
|
classified = slug.to_s.gsub(/[^a-z\d\-]/i, '-').gsub(/-{1,}/, '_').camelize.to_s
|
|
17
17
|
classified = "D_#{classified}" if /\d/.match?(classified[0])
|
|
18
18
|
|
|
19
|
+
# Special case for slugs with all non-latin characters.
|
|
20
|
+
classified = "HexSlug_#{slug.bytes.map { |i| i.to_s(16) }.join}" if classified.empty?
|
|
21
|
+
|
|
19
22
|
classified.to_sym
|
|
20
23
|
end
|
data/lib/wpscan/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: wpscan
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.8.
|
|
4
|
+
version: 3.8.26
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- WPScanTeam
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2024-09-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: cms_scanner
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.14.2
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.14.2
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: bundler
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -128,14 +128,14 @@ dependencies:
|
|
|
128
128
|
requirements:
|
|
129
129
|
- - "~>"
|
|
130
130
|
- !ruby/object:Gem::Version
|
|
131
|
-
version: 0.
|
|
131
|
+
version: 0.22.0
|
|
132
132
|
type: :development
|
|
133
133
|
prerelease: false
|
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
135
135
|
requirements:
|
|
136
136
|
- - "~>"
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
|
-
version: 0.
|
|
138
|
+
version: 0.22.0
|
|
139
139
|
- !ruby/object:Gem::Dependency
|
|
140
140
|
name: simplecov-lcov
|
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -390,14 +390,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
390
390
|
requirements:
|
|
391
391
|
- - ">="
|
|
392
392
|
- !ruby/object:Gem::Version
|
|
393
|
-
version: '
|
|
393
|
+
version: '3.0'
|
|
394
394
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
395
395
|
requirements:
|
|
396
396
|
- - ">="
|
|
397
397
|
- !ruby/object:Gem::Version
|
|
398
398
|
version: '0'
|
|
399
399
|
requirements: []
|
|
400
|
-
rubygems_version: 3.
|
|
400
|
+
rubygems_version: 3.2.33
|
|
401
401
|
signing_key:
|
|
402
402
|
specification_version: 4
|
|
403
403
|
summary: WPScan - WordPress Vulnerability Scanner
|