erroring out on html comment section #804

Closed
Broham opened this issue Apr 15, 2015 · 15 comments

Broham commented Apr 15, 2015

One of the plugins that my site uses includes an HTML comment section at the end of my landing page:

<!-- W3 Total Cache: Minify debug info:
Engine:             apc
Theme:              88e17
Template:           page-home

Replaced CSS files:
1. wp-content/themes/vik/style.css
2. wp-content/themes/vik/css/responsive.css
-->

<!-- W3 Total Cache: Page cache debug info:
Engine:             apc
Cache key:          b4e334d4390218c9c7ffbe503fef962c
Caching:            enabled
Status:             cached
Creation Time:      0.001s
Header info:
Last-Modified:       Wed, 15 Apr 2015 14:32:18 GMT
Expires:             Wed, 15 Apr 2015 15:32:18 GMT
Pragma:              public
Cache-Control:       public
Etag:                e803670ea39bb8f93ef2ca4d90d8b6df
X-Powered-By:        W3 Total Cache
Content-Type:         text/html; charset=UTF-8
-->

WPScan is erroring out when it hits this section with:

bad URI(is not URI?): html%3E%0D%0A%0D%0A%3C!--%20W3%20Total%20Cache:%20Minify%20debug%20info:%0D%0AEngine:%20%20%20%20%20%20%20%20%20%20%20%20%20apc%0D%0ATheme:%20%20%20%20%20%20%20%20%20%20%20%20%20%2088e17%0D%0ATemplate:%20%20%20%20%20%20%20%20%20%20%20page-home%0D%0A%0D%0AReplaced%20CSS%20files:%0D%0A1.%20wp-content/themes/vik/

Is there anything I can do to get past this error?

Member

erwanlr commented Apr 15, 2015

I wasn't able to reproduce the issue with this plugin & its debug mode active.

What version of Ruby & WPScan are you using?
What command did you run?
Are your gems up-to-date?

Author

Broham commented Apr 15, 2015

Ruby Version: ruby 2.2.1p85 (2015-02-26 revision 49769) [x86_64-darwin14]
WPScan Version: 2.7
Command: ruby wpscan.rb --url www.mySiteName.com
Yes I believe my ruby gems are up to date. I just ran:

gem install rubygems-update
update_rubygems
gem update --system

Member

erwanlr commented Apr 15, 2015

This is oooooooood then :x

Could you run again with the -v option and then paste the stack trace of the error here/on gist/by email please?

Author

Broham commented Apr 15, 2015

Sure thing - just emailed

Member

erwanlr commented Apr 15, 2015

Still can't reproduce in specs with your code :o

When you said that your gems were up-to-date, you showed the rubygems update command (gem update --system), not the one to update all the gems (gem --update).

Please do the following:
run gem list and paste it there
run gem update, open the wpscan directory, delete the Gemfile.lock and run wpscan against your site again. If there is no error, paste the last line (Gems updated: ) of the gem update command to see which gems have been updated.

Member

erwanlr commented Apr 15, 2015

Alternatively, you can also send us the URL of your site to see if the issue is from the code that could be before / after the Debug comments

Author

Broham commented Apr 15, 2015

Ok - see below. Also - I think I included the url of my site in the email I sent you.

gem list:

*** LOCAL GEMS ***

addressable (2.3.8)
bigdecimal (1.2.6)
bundler (1.9.4)
bundler-unload (1.0.2)
ethon (0.7.3)
executable-hooks (1.3.2)
ffi (1.9.8)
gem-wrappers (1.2.7)
io-console (0.4.3)
json (1.8.2, 1.8.1)
mini_portile (0.6.2)
nokogiri (1.6.6.2)
psych (2.0.8)
rake (10.4.2)
rdoc (4.2.0)
ruby-progressbar (1.7.5)
rubygems-bundler (1.4.4)
rubygems-update (2.4.6)
rvm (1.11.3.9)
terminal-table (1.4.5)
typhoeus (0.7.1)

I ran gem update, deleted Gemfile.lock and attempted to run wpscan again. It threw the error:

Could not find gem 'webmock (>= 1.17.2) ruby' in any of the gem sources listed in your Gemfile or installed on this machine.
Run `bundle install` to install missing gems.

Should I install the missing gems?

Member

erwanlr commented Apr 15, 2015

ah crap, bundle update inside the wpscan directory will solve this :)

Member

erwanlr commented Apr 15, 2015

Was able to reproduce with the full code of your homepage :)

Author

Broham commented Apr 15, 2015

Interesting, I wonder why it happens on my homepage but not when trying to reproduce with the plugin.

erwanlr added a commit that referenced this issue Apr 15, 2015
Member

erwanlr commented Apr 15, 2015

git pull and you are good to go :)

Author

Broham commented Apr 15, 2015

That fixed it - thanks!


hanwie commented Jun 5, 2015

Hello... I'm new to Linux... I'm learning how to use wpscan, and I have some trouble with wpscan...

kenosis@kenosis-VPCSB16FG:~/Downloads/wpscan$ ls
CHANGELOG.md data.zip example.conf.json lib spec
CREDITS dev Gemfile LICENSE stop_user_enumeration_bypass.rb
data DISCLAIMER.txt Gemfile
README.md wpscan.rb
kenosis@kenosis-VPCSB16FG:~/Downloads/wpscan$ ruby wpscan.rb 192.168.10.8
Could not find gem 'typhoeus (~> 0.7.1) ruby' in any of the gem sources listed in your Gemfile or available on this machine.

Run bundle install to install missing gems.

kenosis@kenosis-VPCSB16FG:~/Downloads/wpscan$ gem list

*** LOCAL GEMS ***

addressable (2.3.8)
bigdecimal (1.2.4)
bundle (0.0.1)
bundler (1.10.3)
crack (0.4.2)
diff-lcs (1.2.5)
docile (1.1.5)
io-console (0.4.2)
json (1.8.1)
minitest (4.7.5)
psych (2.0.5)
rake (10.1.0)
rdoc (4.1.0)
rubygems-update (2.4.7)
safe_yaml (1.0.4)

test-unit (2.1.2.0)

kenosis@kenosis-VPCSB16FG:~/Downloads/wpscan$ gem -v
2.2.2
kenosis@kenosis-VPCSB16FG:~/Downloads/wpscan$ ruby -v
ruby 2.1.2p95 (2014-05-08) [x86_64-linux-gnu]

This is what is inside the Gemfile:

source 'https://rubygems.org'

gem 'typhoeus', '~>0.7.1'
gem 'nokogiri'
gem 'addressable'
gem 'json'
gem 'terminal-table'
gem 'ruby-progressbar', '>=1.6.0'

group :test do
  gem 'webmock', '>=1.17.2'
  gem 'simplecov'
  gem 'rspec', '>=3.0'
  gem 'rspec-its'
end

So Mr. erwanlr, how can I solve that?
Thank you for your help, I really appreciate it.

Member

erwanlr commented Jun 5, 2015

Did you run the command bundle install inside the directory (~/Downloads/wpscan in your case)? It doesn't seem so from the list of installed gems (or an error occurred during the installation of one of them).


hanwie commented Jun 8, 2015

Yes, I ran bundle install in the wpscan directory. So must I reinstall my gem package? How do I execute the command in the terminal to remove my gem?
Sorry, I'm such a newbie on Linux.
