wpscan 3.8.25 → 3.8.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 48e1401dae252247e3d9a8c2f10d18bbf0b7b49e28a6b841e0462fe080ebce39
4
- data.tar.gz: fce0a22e6f78ab616b11446ec6f049002b10aaf6c7d37fe333189de58a7ec444
3
+ metadata.gz: f4c0a992941a0d2f853807d26044152e1be735612de635009344aa0d09771fe5
4
+ data.tar.gz: c6be4010e882cd3a0c2b7413cd4b701ace9aa4815eccabcc2fc1c44cb6868cf0
5
5
  SHA512:
6
- metadata.gz: 52c42ec12834ac64777d40b06cac6bc1c1f7934a7c239ba065a604be7ea536a70c89e34120cf77d960401d188330ea06a83072f7a4843aa1e02fded7eff39e7c
7
- data.tar.gz: 37742dc5f1487abd4c428dbc3b77303d7fd81c4ef2256666e45047fb1a03f170b6a5e136620defb15358ed0776ea95deeeb68a05af38639fe3195a8a16ad8c79
6
+ metadata.gz: 1b745c2b437e7ef151ca02f96f2e92033432f210d840e00043162f5e22150069aaa81183bc2c9c0e27851daf7cec5542dc05c15b73a905c8753b133fe533630d
7
+ data.tar.gz: cd12ea2c6f19a67141c35d3621b08e7ca19c17c681511a08939149442f0581e99f7444b625d0037c0d079f3f3f8c6936ae63a69893c7044eb033a8387b3cf859
data/README.md CHANGED
@@ -25,7 +25,7 @@
25
25
  ## Prerequisites
26
26
 
27
27
  - (Optional but highly recommended: [RVM](https://rvm.io/rvm/install))
28
- - Ruby >= 2.7 - Recommended: latest
28
+ - Ruby >= 3.0 - Recommended: latest
29
29
  - Curl >= 7.72 - Recommended: latest
30
30
  - The 7.29 has a segfault
31
31
  - The < 7.72 could result in `Stream error in the HTTP/2 framing layer` in some cases
@@ -38,7 +38,9 @@ When using a pentesting distubution (such as Kali Linux), it is recommended to i
38
38
 
39
39
  ### In macOSX via Homebrew
40
40
 
41
- `brew install wpscanteam/tap/wpscan`
41
+ ```shell
42
+ brew install wpscanteam/tap/wpscan
43
+ ```
42
44
 
43
45
  ### From RubyGems
44
46
 
@@ -7,6 +7,10 @@ module WPScan
7
7
  class KnownLocations < CMSScanner::Finders::Finder
8
8
  include CMSScanner::Finders::Finder::Enumerator
9
9
 
10
+ def valid_response_codes
11
+ @valid_response_codes ||= [200, 206].freeze
12
+ end
13
+
10
14
  SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE|ALTER) (?:TABLE|DATABASE)|INSERT INTO/.freeze
11
15
 
12
16
  # @param [ Hash ] opts
@@ -17,7 +21,7 @@ module WPScan
17
21
  def aggressive(opts = {})
18
22
  found = []
19
23
 
20
- enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res|
24
+ enumerate(potential_urls(opts), opts.merge(check_full_response: valid_response_codes)) do |res|
21
25
  if res.effective_url.end_with?('.zip')
22
26
  next unless %r{\Aapplication/zip}i.match?(res.headers['Content-Type'])
23
27
  else
data/app/models/theme.rb CHANGED
@@ -92,7 +92,7 @@ module WPScan
92
92
  tags: 'Tags',
93
93
  text_domain: 'Text Domain'
94
94
  }.each do |attribute, tag|
95
- instance_variable_set(:"@#{attribute}", parse_style_tag(style_body, tag))
95
+ instance_variable_set(:"@#{attribute}", parse_style_tag(style_body, tag)&.force_encoding('UTF-8'))
96
96
  end
97
97
  end
98
98
 
@@ -25,6 +25,10 @@ module WPScan
25
25
 
26
26
  @all_numbers = []
27
27
 
28
+ DB::Version.metadata.each_key do |ver|
29
+ @all_numbers << ver
30
+ end
31
+
28
32
  DB::Fingerprints.wp_fingerprints.each_value do |fp|
29
33
  @all_numbers << fp.values
30
34
  end
data/lib/wpscan/helper.rb CHANGED
@@ -16,5 +16,8 @@ def classify_slug(slug)
16
16
  classified = slug.to_s.gsub(/[^a-z\d\-]/i, '-').gsub(/-{1,}/, '_').camelize.to_s
17
17
  classified = "D_#{classified}" if /\d/.match?(classified[0])
18
18
 
19
+ # Special case for slugs with all non-latin characters.
20
+ classified = "HexSlug_#{slug.bytes.map { |i| i.to_s(16) }.join}" if classified.empty?
21
+
19
22
  classified.to_sym
20
23
  end
@@ -2,5 +2,5 @@
2
2
 
3
3
  # Version
4
4
  module WPScan
5
- VERSION = '3.8.25'
5
+ VERSION = '3.8.26'
6
6
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: wpscan
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.8.25
4
+ version: 3.8.26
5
5
  platform: ruby
6
6
  authors:
7
7
  - WPScanTeam
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-09-29 00:00:00.000000000 Z
11
+ date: 2024-09-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: cms_scanner
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 0.13.9
19
+ version: 0.14.2
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 0.13.9
26
+ version: 0.14.2
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: bundler
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: 0.21.0
131
+ version: 0.22.0
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: 0.21.0
138
+ version: 0.22.0
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: simplecov-lcov
141
141
  requirement: !ruby/object:Gem::Requirement
@@ -390,14 +390,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
390
390
  requirements:
391
391
  - - ">="
392
392
  - !ruby/object:Gem::Version
393
- version: '2.7'
393
+ version: '3.0'
394
394
  required_rubygems_version: !ruby/object:Gem::Requirement
395
395
  requirements:
396
396
  - - ">="
397
397
  - !ruby/object:Gem::Version
398
398
  version: '0'
399
399
  requirements: []
400
- rubygems_version: 3.0.3.1
400
+ rubygems_version: 3.2.33
401
401
  signing_key:
402
402
  specification_version: 4
403
403
  summary: WPScan - WordPress Vulnerability Scanner