wpscan 3.8.25 → 3.8.26
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +4 -2
- data/app/finders/db_exports/known_locations.rb +5 -1
- data/app/models/theme.rb +1 -1
- data/app/models/wp_version.rb +4 -0
- data/lib/wpscan/helper.rb +3 -0
- data/lib/wpscan/version.rb +1 -1
- metadata +8 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f4c0a992941a0d2f853807d26044152e1be735612de635009344aa0d09771fe5
|
4
|
+
data.tar.gz: c6be4010e882cd3a0c2b7413cd4b701ace9aa4815eccabcc2fc1c44cb6868cf0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1b745c2b437e7ef151ca02f96f2e92033432f210d840e00043162f5e22150069aaa81183bc2c9c0e27851daf7cec5542dc05c15b73a905c8753b133fe533630d
|
7
|
+
data.tar.gz: cd12ea2c6f19a67141c35d3621b08e7ca19c17c681511a08939149442f0581e99f7444b625d0037c0d079f3f3f8c6936ae63a69893c7044eb033a8387b3cf859
|
data/README.md
CHANGED
@@ -25,7 +25,7 @@
|
|
25
25
|
## Prerequisites
|
26
26
|
|
27
27
|
- (Optional but highly recommended: [RVM](https://rvm.io/rvm/install))
|
28
|
-
- Ruby >=
|
28
|
+
- Ruby >= 3.0 - Recommended: latest
|
29
29
|
- Curl >= 7.72 - Recommended: latest
|
30
30
|
- The 7.29 has a segfault
|
31
31
|
- The < 7.72 could result in `Stream error in the HTTP/2 framing layer` in some cases
|
@@ -38,7 +38,9 @@ When using a pentesting distubution (such as Kali Linux), it is recommended to i
|
|
38
38
|
|
39
39
|
### In macOSX via Homebrew
|
40
40
|
|
41
|
-
|
41
|
+
```shell
|
42
|
+
brew install wpscanteam/tap/wpscan
|
43
|
+
```
|
42
44
|
|
43
45
|
### From RubyGems
|
44
46
|
|
@@ -7,6 +7,10 @@ module WPScan
|
|
7
7
|
class KnownLocations < CMSScanner::Finders::Finder
|
8
8
|
include CMSScanner::Finders::Finder::Enumerator
|
9
9
|
|
10
|
+
def valid_response_codes
|
11
|
+
@valid_response_codes ||= [200, 206].freeze
|
12
|
+
end
|
13
|
+
|
10
14
|
SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE|ALTER) (?:TABLE|DATABASE)|INSERT INTO/.freeze
|
11
15
|
|
12
16
|
# @param [ Hash ] opts
|
@@ -17,7 +21,7 @@ module WPScan
|
|
17
21
|
def aggressive(opts = {})
|
18
22
|
found = []
|
19
23
|
|
20
|
-
enumerate(potential_urls(opts), opts.merge(check_full_response:
|
24
|
+
enumerate(potential_urls(opts), opts.merge(check_full_response: valid_response_codes)) do |res|
|
21
25
|
if res.effective_url.end_with?('.zip')
|
22
26
|
next unless %r{\Aapplication/zip}i.match?(res.headers['Content-Type'])
|
23
27
|
else
|
data/app/models/theme.rb
CHANGED
@@ -92,7 +92,7 @@ module WPScan
|
|
92
92
|
tags: 'Tags',
|
93
93
|
text_domain: 'Text Domain'
|
94
94
|
}.each do |attribute, tag|
|
95
|
-
instance_variable_set(:"@#{attribute}", parse_style_tag(style_body, tag))
|
95
|
+
instance_variable_set(:"@#{attribute}", parse_style_tag(style_body, tag)&.force_encoding('UTF-8'))
|
96
96
|
end
|
97
97
|
end
|
98
98
|
|
data/app/models/wp_version.rb
CHANGED
data/lib/wpscan/helper.rb
CHANGED
@@ -16,5 +16,8 @@ def classify_slug(slug)
|
|
16
16
|
classified = slug.to_s.gsub(/[^a-z\d\-]/i, '-').gsub(/-{1,}/, '_').camelize.to_s
|
17
17
|
classified = "D_#{classified}" if /\d/.match?(classified[0])
|
18
18
|
|
19
|
+
# Special case for slugs with all non-latin characters.
|
20
|
+
classified = "HexSlug_#{slug.bytes.map { |i| i.to_s(16) }.join}" if classified.empty?
|
21
|
+
|
19
22
|
classified.to_sym
|
20
23
|
end
|
data/lib/wpscan/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: wpscan
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.8.
|
4
|
+
version: 3.8.26
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- WPScanTeam
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2024-09-05 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: cms_scanner
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.14.2
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.14.2
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: bundler
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -128,14 +128,14 @@ dependencies:
|
|
128
128
|
requirements:
|
129
129
|
- - "~>"
|
130
130
|
- !ruby/object:Gem::Version
|
131
|
-
version: 0.
|
131
|
+
version: 0.22.0
|
132
132
|
type: :development
|
133
133
|
prerelease: false
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
135
135
|
requirements:
|
136
136
|
- - "~>"
|
137
137
|
- !ruby/object:Gem::Version
|
138
|
-
version: 0.
|
138
|
+
version: 0.22.0
|
139
139
|
- !ruby/object:Gem::Dependency
|
140
140
|
name: simplecov-lcov
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
@@ -390,14 +390,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
390
390
|
requirements:
|
391
391
|
- - ">="
|
392
392
|
- !ruby/object:Gem::Version
|
393
|
-
version: '
|
393
|
+
version: '3.0'
|
394
394
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
395
395
|
requirements:
|
396
396
|
- - ">="
|
397
397
|
- !ruby/object:Gem::Version
|
398
398
|
version: '0'
|
399
399
|
requirements: []
|
400
|
-
rubygems_version: 3.
|
400
|
+
rubygems_version: 3.2.33
|
401
401
|
signing_key:
|
402
402
|
specification_version: 4
|
403
403
|
summary: WPScan - WordPress Vulnerability Scanner
|