wpscan --update (checksums do not match) #958

sunilsong · 2016-06-21T12:20:11Z

themes.json: checksums do not match (local: c87e53e4888d734ea98c5987f95fe1a26725ccdd42d97b86172d2b116643bc753910e378f5e5d0de64034ef27ff90b9d026602c8fbd477260e83d33ce4915590 remote: 046df8e68d1843aadb1134e3a0ffbe48e0348d36a683a615c92d75eb66fddd5e09be11946919375d5f5e99a290719a9860859e2bf47d6b35c432ddaeb4a4e6af)
I am using ruby version 2.3.1.

firefart · 2016-06-21T12:23:57Z

➜  ~ curl -s data.wpscan.org/themes.json | sha512sum
046df8e68d1843aadb1134e3a0ffbe48e0348d36a683a615c92d75eb66fddd5e09be11946919375d5f5e99a290719a9860859e2bf47d6b35c432ddaeb4a4e6af  -
➜  ~ curl data.wpscan.org/themes.json.sha512
046df8e68d1843aadb1134e3a0ffbe48e0348d36a683a615c92d75eb66fddd5e09be11946919375d5f5e99a290719a9860859e2bf47d6b35c432ddaeb4a4e6af

We switched to another CDN yesterday I will investigate if there was an error on cache invalidation

sunilsong · 2016-06-21T12:28:35Z

Thank you!

I got :
$ curl -s data.wpscan.org/themes.json | sha512sum
c87e53e4888d734ea98c5987f95fe1a26725ccdd42d97b86172d2b116643bc753910e378f5e5d0de64034ef27ff90b9d026602c8fbd477260e83d33ce4915590 -
$ curl data.wpscan.org/themes.json.sha512
046df8e68d1843aadb1134e3a0ffbe48e0348d36a683a615c92d75eb66fddd5e09be11946919375d5f5e99a290719a9860859e2bf47d6b35c432ddaeb4a4e6af

ethicalhack3r · 2016-06-21T12:47:14Z

OK for me in France:

$ curl -s data.wpscan.org/themes.json | shasum -a 512
046df8e68d1843aadb1134e3a0ffbe48e0348d36a683a615c92d75eb66fddd5e09be11946919375d5f5e99a290719a9860859e2bf47d6b35c432ddaeb4a4e6af  -

$ curl data.wpscan.org/themes.json.sha512
046df8e68d1843aadb1134e3a0ffbe48e0348d36a683a615c92d75eb66fddd5e09be11946919375d5f5e99a290719a9860859e2bf47d6b35c432ddaeb4a4e6af

DNS is fine everywhere (except Thailand) https://www.whatsmydns.net/#A/data.wpscan.org

firefart · 2016-06-21T14:05:43Z

@sunilsong can you please try again? I manually invalidated the cache, let's see if this resolves this issue

tyaakow · 2016-06-21T14:06:35Z

Issue with plugins.json still here.

firefart · 2016-06-21T14:07:35Z

because I only invalidated themes.json for now so we can investigate

sunilsong · 2016-06-21T14:15:54Z

Great !! It worked for me now. Thank you !!

firefart · 2016-06-21T14:35:47Z

@tjankov can you please try again?

tyaakow · 2016-06-21T16:53:54Z

Worked now.

firefart · 2016-06-22T07:16:54Z

@tjankov @sunilsong new day, new data files. Can you please try again? I think I forgot to restart a process on the server when I deployed the cache invalidation changes

Stumpftopf · 2016-06-22T12:36:13Z

@firefart Still not working. :-(
themes.json: checksums do not match (local: 0b769da7c48759e5a9e03462b0b76e50806cb00fba445bfa6735c380a78a7ecd0f2b60c65e3018b5c522271620c43408e2f5e343d3544d64427d2fd1755fc52c remote: 046df8e68d1843aadb1134e3a0ffbe48e0348d36a683a615c92d75eb66fddd5e09be11946919375d5f5e99a290719a9860859e2bf47d6b35c432ddaeb4a4e6af)

emiliomg · 2016-06-23T13:47:34Z

Same problem here with a freshly cloned wpscan:

$ ./wpscan.rb --update
(...)
[!] plugins.json: checksums do not match (local: 3cc4734449619451769e1b2ad285477bbabb98110bf0b6ca5ee3fb7f256ae7366a60a9f9810a5733469eaa759a8d0134f2f728204e09b0c471ae0a87df6a5bf1 remote: cf77dc04cea85fb23b217ca773be782e48b54aa6da5ebceb4ba376feb6527e5d592a11603cca5d684a873e6ba69d146a3ba1cd072c701baa31f2aa86b61e5a99)

$ ./wpscan.rb --version
(...)
Current version: 2.9.1

firefart · 2016-06-23T14:00:29Z

@emiliomg can you please try again?

emiliomg · 2016-06-23T14:21:31Z

@firefart Success, even with a freshly cloned wpscan!

$ ./wpscan.rb --update
(...)
[i] Updating the Database ...
[i] Update completed.

firefart · 2016-06-23T14:24:50Z

@tjankov @sunilsong are you guys still getting errors?

sunilsong · 2016-06-23T18:54:07Z

Working fine for me.

tyaakow · 2016-06-27T04:19:01Z

Was fixed for me when @firefart (?) invalidated cache 6 days ago?

exploitprotocol · 2016-07-24T08:32:11Z

@ethicalhack3r @firefart Still facing this issue. Any workaround ?

firefart · 2016-07-24T08:41:26Z

@exploitprotocol can you please provide the following information (all executed from the server failing to update):

curl 'https://data.wpscan.org/cdn-cgi/trace'

curl -s data.wpscan.org/plugins.json | sha512sum

curl -s data.wpscan.org/plugins.json.sha512

curl -s data.wpscan.org/themes.json | sha512sum

curl -s data.wpscan.org/themes.json.sha512

Thanks!

firefart · 2016-07-24T08:42:02Z

@exploitprotocol also: which version of wpscan are you running?

exploitprotocol · 2016-07-26T13:56:39Z

Hey @firefart , sorry for the delay. Actually i was not facing this issue, this was with one of PentestBox user. I am reporting on his behalf.

Here is the output:

C:\

curl -s data.wpscan.org/plugins.json | sha512sum
f031f4cff2d2e92cadb6f65f738b484abffa925010a9716c57862969f9bd98aec3a1c06cdd51500abbcf6de3d157780b39c8e4242337517e36881ee4a5f0aa33 *-

C:\

curl -s data.wpscan.org/plugins.json.sha512
f031f4cff2d2e92cadb6f65f738b484abffa925010a9716c57862969f9bd98aec3a1c06cdd51500abbcf6de3d157780b39c8e4242337517e36881ee4a5f0aa33

C:\

curl -s data.wpscan.org/themes.json | sha512sum
347af9f309a611f7648381cc04ab6198a1c20236f03748deb015888b88d9edd5426d0b0803ad605235c778cdea06bc8d247034f34686fff9221d8d663126abe4 *-

C:\

curl -s data.wpscan.org/themes.json.sha512
347af9f309a611f7648381cc04ab6198a1c20236f03748deb015888b88d9edd5426d0b0803ad605235c778cdea06bc8d247034f34686fff9221d8d663126abe4

Wordpress Version: 2.9.1

Thanks

firefart · 2016-07-26T14:00:35Z

@exploitprotocol so the caching issue does not exist any more for this user. But we are still in contact with cloudflare because of an issue with their cache invalidation API

van7hu · 2016-07-29T22:13:48Z

I have this problem today.

van7hu@van7hu-Inspiron-5458:~$ curl -s data.wpscan.org/plugins.json | shasum -a 512
2223008a3be2737599da6332f01cf54190754dcfc1d72fd2a0bb6de5782a18c1e55ba652f6c8f7dda21027dd0b40835cb2da6de1855390c19b7aed100fecb7b9  -
van7hu@van7hu-Inspiron-5458:~$ curl -s data.wpscan.org/plugins.json.sha512
cf55bb2019ffd51423413819ac2245520da79d0b9e12de5294dcb99e10fc261192486af8a90215327538488d02bb1cc059eb277b4f3329599c94d3a58810e1e3

firefart · 2016-07-30T20:18:29Z

@van7hu can you please post the output of

curl 'https://data.wpscan.org/cdn-cgi/trace'

? This is the info the guys over at cloudflare need to investigate this issue

aaroncrawford · 2016-07-30T20:38:40Z

@firefart I'm receiving the checksum error as well when I try to update. Same file - plugins.json. Here's the output of the curl :

fl=15f71
h=data.wpscan.org
ip=2601:2c5:c300:18:2ccf:ca90:47cf:ff67
ts=1469911040.177
visit_scheme=https
uag=curl/7.47.0
colo=DFW
spdy=off
http=http/1.1
loc=US

Thanks for looking into it.

firefart · 2016-08-16T07:20:37Z

@s4n7h0 because there are caching issues on our CDN. That's why we need the additional info when an caching error happened.

backendfrenchninja · 2016-08-16T09:02:40Z

I get a problem when I try to update wpscan from a fresh install made on macOS, can you help me?
(install made from github clone)

[i] Updating the Database ...
[!] plugins.json: checksums do not match (local: cebb95092bc0441c248cf132149a85dff5f5dc8a773db674a4a6d8397e7a6199a29d29bad44788137c8676b95c7fd28139e8eceeb0b1fa3de93d1818204e6bf6 remote: 44cfc9a64e9f8c871d4821ff2285b7f48252e096a336d799b2ba11ad3974d846b4a1a4f0be7fd3695903c3ba2e36ef408fdc8bec18356830892dc09dbd912d13)
[!] Downloaded File Content:
{"theme-my-login":{"latest_version":"6.4.5","last_updated":"2016-05-22T00:23:00.000Z","popular":true,"vulnerabilities":[{"id":6043,"title":"Theme My Login 6.3.9 - Local File Inclusion","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2015-05-15T13:47:24.000Z","published_date":null,"references":{"url":["http://packetstormsecurity.com/files/127302/","http://seclists.org/fulldisclosure/2014/Jun/172","http://www.securityfocus.com/bid/68254/","https://security.dxw.com/advisories/lfi-in-theme-my-l
.........

[!] Cloudflare Info:
fl=35f25
h=data.wpscan.org
ip=119.42.67.155
ts=1471337978.453
visit_scheme=https
uag=WPScan v2.9.1 (http://wpscan.org)
colo=SIN
spdy=off
http=http/1.1
loc=TH

[!] Please submit this info as an Github issue

modelm · 2016-08-19T17:04:38Z

Another case of the same problem (latest revision from github manual install):

[i] Updating the Database ...
[!] themes.json: checksums do not match (local: 62965de146bbde6ac85ee8cd4b95108c7313d55f06734df53c347ea777d72ffc72e448677545e25b8983e106b65fc46919dd4a8542a8e7814e6241979bb4d0c7 remote: a573c8b018eb07f034d02247e6781e3843ab22817950b55ecff9f94d60ce2412e97dada63e71300ce56eda7d036bb3725c8418050c7fe69ee2388e50078970d3)
[!] Downloaded File Content:
{"crius":{"latest_version":null,"last_updated":null,"popular":false,"vulnerabilities":[{"id":7306,"title":"Crius - VideoJS Cross-Site Scripting ","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2015-05-15T13:48:44.000Z","published_date":null,"references":{"url":["http://seclists.org/fulldisclosure/2013/May/77"],"secunia":["53427"]},"vuln_type":"XSS","fixed_in":null}]},"source":{"latest_version":null,"last_updated":null,"popular":false,"vulnerabilities":[{"id":7307,"title":"Source - VideoJS 
.........

[!] Cloudflare Info:
fl=16f9
h=data.wpscan.org
ip=54.173.49.158
ts=1471626188.536
visit_scheme=https
uag=WPScan v2.9.1 (http://wpscan.org)
colo=IAD
spdy=off
http=http/1.1
loc=US

[!] Please submit this info as an Github issue

firefart · 2016-08-19T19:51:34Z

@modelm thx i forwarded the info to cloudflare. Is the machine having problems behind a proxy server or is it connected directly to the internet?

albarki · 2016-08-22T14:26:05Z

Same error here, CentOS6 fresh manual install, last version from github

[i] Updating the Database ...
[!] themes.json: checksums do not match (local: eaa91a87119342c020ed2ca136edd08715ee36492fac260bd4cbed84de4b82163b8cfa38d691dad96c880a8134b69021295ee764910e5ae3b784b84397eea5da remote: e397990628de622d18915d0895c74899524e49da3debc85acbe8bd796fffa6e9a0d304290ea61bdbfa132f5a2f16f3f3ff026b3841613a3b5909c0c96017ca97)
[!] Downloaded File Content:
{"crius":{"latest_version":null,"last_updated":null,"popular":false,"vulnerabilities":[{"id":7306,"title":"Crius - VideoJS Cross-Site Scripting ","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2015-05-15T13:48:44.000Z","published_date":null,"references":{"url":["http://seclists.org/fulldisclosure/2013/May/77"],"secunia":["53427"]},"vuln_type":"XSS","fixed_in":null}]},"source":{"latest_version":null,"last_updated":null,"popular":false,"vulnerabilities":[{"id":7307,"title":"Source - VideoJS 
.........

[!] Cloudflare Info:
fl=71f84
h=data.wpscan.org
ip=2a01:4f8:130:246e::2
ts=1471875424.753
visit_scheme=https
uag=WPScan v2.9.1 (http://wpscan.org)
colo=FRA
spdy=off
http=http/1.1
loc=DE

[!] Please submit this info as an Github issue

modelm · 2016-08-22T15:16:46Z

@firefart that machine is directly connected, no proxy, other network connections working fine

firefart · 2016-08-28T20:20:50Z

@modelm @albarki are you guys still getting the caching errors?

modelm · 2016-08-29T13:15:58Z

Nope, works ok for me now.

albarki · 2016-08-29T22:24:59Z

@firefart No, it is working now, thanks

CounterForce · 2016-09-05T16:36:09Z

I have the exact same issue.
I'm working on a Kali Linux in Virtual Box.
I tried to uninstall everything from WPscan from Kali and reinstalling it again but it doesn't fix the issue.

`root@kali:/opt/wpscan# ./wpscan.rb --update

    __          _______   _____                  
    \ \        / /  __ \ / ____|                 
     \ \  /\  / /| |__) | (___   ___  __ _ _ __  
      \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
       \  /\  /  | |     ____) | (__| (_| | | | |
        \/  \/   |_|    |_____/ \___|\__,_|_| |_|

    WordPress Security Scanner by the WPScan Team 
                   Version 2.9.1
      Sponsored by Sucuri - https://sucuri.net

@WPScan, @ethicalhack3r, @erwan_lr, pvdl, @FireFart

[i] Updating the Database ...
[!] wp_versions.xml: checksums do not match (local: 0a43a016b35cda1f1d2c9527999aae33996955501d1350479412f60e70de67f61c5a3b706d2300afe53b2cc493ed9dbdad276232e526466bf3285df360337516 remote: b79a6fd8b7537233f62e282d3dc49f279aa0309dd874dad9562f538593e84e2921452ee5177618f05cfb25f6a432fd3533b22dd225db8809cf87b14c896ef6e9)
[!] Downloaded File Content:

4.5.2

.........

[!] Cloudflare Info:
fl=78f1
h=data.wpscan.org
ip=2a02:1810:3601:be00:6d93:86c3:e00d:8866
ts=1473092827.297
visit_scheme=https
uag=WPScan v2.9.1 (http://wpscan.org)
colo=BRU
spdy=off
http=http/1.1
loc=BE

[!] Please submit this info as an Github issue
root@kali:/opt/wpscan# curl 'https://data.wpscan.org/cdn-cgi/trace'
fl=78f7
h=data.wpscan.org
ip=2a02:1810:3601:be00:6d93:86c3:e00d:8866
ts=1473092897.736
visit_scheme=https
uag=curl/7.50.1
colo=BRU
spdy=h2
http=h2
loc=BE
root@kali:/opt/wpscan# curl -s data.wpscan.org/plugins.json | sha512sum
c92b901cb5e9f54b8ca848c7532dbf3d18b3049a85c6518788e5d3e5a0f3e20e9a67b2ea91d8e5e7f3f80e1cb72582c4f6ac05fb691355f3d00f278589462ae2 -
root@kali:/opt/wpscan# curl -s data.wpscan.org/plugins.json.sha512
c92b901cb5e9f54b8ca848c7532dbf3d18b3049a85c6518788e5d3e5a0f3e20e9a67b2ea91d8e5e7f3f80e1cb72582c4f6ac05fb691355f3d00f278589462ae2root@kali:/opt/wpscan# curl -s data.wpscan.org/themes.json | sha512sum
5c45b0ca74deb1c87b42250cf8e7507b1e0c1395068542467d5e0e52bf05e429cd5b124ac08fdbe71aab55849837163995d2289ae86a0541c62f6ee706cd9bac -
root@kali:/opt/wpscan# curl -s data.wpscan.org/themes.json.sha512
5c45b0ca74deb1c87b42250cf8e7507b1e0c1395068542467d5e0e52bf05e429cd5b124ac08fdbe71aab55849837163995d2289ae86a0541c62f6ee706cd9bac`

firefart · 2016-09-05T19:37:06Z

thx @CounterForce ! I forwarded the info to the cloudflare team

viki060892 · 2016-09-08T12:39:00Z

hi sir i have faced this error for updating wpscan:
local_vulnerable_files.xml: checksums do not match

johnmckinght · 2016-09-21T05:03:35Z

i have same problem with Kali Linux 2.0 Light

root@w00t20-l:~# cat /etc/issue.net
Kali GNU/Linux 2.0
root@w00t20-l:~# lsb_release -a
No LSB modules are available.
Distributor ID: Kali
Description:    Kali GNU/Linux 2.0
Release:    2.0
Codename:   sana

verbose results while trying to update

root@w00t20-l:~# wpscan --update --verbose
_______________________________________________________________
        __          _______   _____                  
        \ \        / /  __ \ / ____|                 
         \ \  /\  / /| |__) | (___   ___  __ _ _ __  
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team 
                       Version 2.8
          Sponsored by Sucuri - https://sucuri.net
   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________

[i] Updating the Database ...
[+] Checking local_vulnerable_files.xml
  [i] Needs to be updated
  [i] Backup Created
  [i] Downloading new file
  [i] Downloaded File Checksum: d9075b1f50ded87611d6eef70b2f08e2bdd21ef0eceaeaaff26aa23cbe00731009ccfdf1166eac4537eeb10d83050501222e6cdc3e5fc28daf430ef84156b27b
  [i] Database File Checksum  : ���   ���@K�
������v7����c8��������G���.�Lf�jd�u��&�׽�"��>n�,�<��!���i�o���c��#���~��σ�
  [i] Restoring Backup due to error
  [i] Deleting Backup

[!] local_vulnerable_files.xml: checksums do not match
[!] Trace:
[!] /usr/share/wpscan/lib/common/db_updater.rb:102:in `block in update'
/usr/share/wpscan/lib/common/db_updater.rb:82:in `each'
/usr/share/wpscan/lib/common/db_updater.rb:82:in `update'
./wpscan.rb:73:in `main'
./wpscan.rb:443:in `<main>'

@firefart is there any doc for the docker version can you point me? i would like to try that, been a while since i use wpscan
thankyou

johnmckinght · 2016-09-21T08:11:31Z

bdw i was able to use wpscan now.
i was following docker installation step until bundle install --without test

wpscan@w00t20-l:~/wpscan$ bundle install --without test
Fetching gem metadata from https://rubygems.org/...........
Fetching version metadata from https://rubygems.org/.
Resolving dependencies...
Installing addressable 2.4.0
Installing ffi 1.9.14 with native extensions
Installing mini_portile2 2.1.0
Installing pkg-config 1.1.7
Installing ruby-progressbar 1.8.1
Installing unicode-display_width 1.1.1
Installing yajl-ruby 1.2.1 with native extensions
Using bundler 1.13.1
Installing ethon 0.9.1
Installing nokogiri 1.6.8 with native extensions
Installing terminal-table 1.7.2
Installing typhoeus 1.1.0
Bundle complete! 10 Gemfile dependencies, 12 gems now installed.
Gems in the group test were not installed.
Use `bundle show [gemname]` to see where a bundled gem is installed.

updating database

wpscan@w00t20-l:~/wpscan$ ./wpscan.rb --update
_______________________________________________________________
        __          _______   _____                  
        \ \        / /  __ \ / ____|                 
         \ \  /\  / /| |__) | (___   ___  __ _ _ __  
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team 
                       Version 2.9.1
          Sponsored by Sucuri - https://sucuri.net
   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________

[i] Updating the Database ...
[i] Update completed.

3n1gma30 · 2016-11-27T00:33:07Z

    __          _______   _____                  
    \ \        / /  __ \ / ____|                 
     \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
      \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
       \  /\  /  | |     ____) | (__| (_| | | | |
        \/  \/   |_|    |_____/ \___|\__,_|_| |_|

    WordPress Security Scanner by the WPScan Team 
                   Version 2.9.2
      Sponsored by Sucuri - https://sucuri.net

@WPScan, @ethicalhack3r, @erwan_lr, pvdl, @FireFart

[i] Updating the Database ...
[!] plugins.json: checksums do not match (local: c50f51f7f4cf75584a8d1474029a79cc64af0b2f279f5c9a39fa974db4dadb3bfb4e90240bd285a376db9bbaeafc357cc17f322125b78df7a427cdd8d710c4dc remote: 9950409d87fa1b749018035e67d39494720600fe6f630e56afa8c7d5c25990927faacee39bb874a915630a8035d4a8457dc9974248b23262bb0a5c597ff12cf3)
[!] Downloaded File Content:
{"theme-my-login":{"latest_version":"6.4.6","last_updated":"2016-10-22T19:14:00.000Z","popular":true,"vulnerabilities":[{"id":6043,"title":"Theme My Login 6.3.9 - Local File Inclusion","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2015-05-15T13:47:24.000Z","published_date":null,"references":{"url":["http://packetstormsecurity.com/files/127302/","http://seclists.org/fulldisclosure/2014/Jun/172","http://www.securityfocus.com/bid/68254/","https://security.dxw.com/advisories/lfi-in-theme-my-l
.........

[!] Please submit this info as an Github issue
d0c@Universe:~$

Issue is still here. I've tried to update like 5 times now same issue.

firefart · 2016-11-27T16:34:44Z

@3n1gma30 According to the time you posted this issue I think I know the problem. This is the time we daily regenerate the json files and need to invalidate them on our CDN which can last a few minutes. So I think you might have ran into this short timeframe. If you try to update again, it should update.

tunechi1 · 2017-08-01T08:56:55Z

can anyone help on this:

[i] Updating the Database ...
[!] plugins.json: checksums do not match (local: 9695c8a1f7008ba0cd543572fab2caff47e24c822f70a8b3b8eda9d2cc478656aea99c8e3d5b976b4ecd6ba1d663328629f93b1313d02a59f1640013794bbeef remote: 0d7a9491de7fceeb476fd38b3f7361c373750a25c749430b367a1070bd6db9250d1b0f18c6b43e798c3ab609b20a1a6e486ceda544c78f5bae369cc32fb519fd)
[!] Downloaded File Content:
{"theme-my-login":{"latest_version":"6.4.9","last_updated":"2017-02-19T22:49:00.000Z","popular":true,"vulnerabilities":[{"id":6043,"title":"Theme My Login 6.3.9 - Local File Inclusion","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2015-05-15T13:47:24.000Z","published_date":null,"references":{"url":["http://packetstormsecurity.com/files/127302/","http://seclists.org/fulldisclosure/2014/Jun/172","http://www.securityfocus.com/bid/68254/","https://security.dxw.com/advisories/lfi-in-theme-my-l
.........

[!] Some hints to help you with this issue:
[!] -) Try updating again
[!] -) If you see SSL/TLS related error messages you have to fix your local TLS setup

firefart · 2017-08-01T16:17:15Z

@tunechi1 Please try updating again. If you are using the github or the docker version there should now be improved output on errors

tunechi1 · 2017-08-01T21:16:16Z

Hills Charles <goldagentcharles@gmail.com> 9:04 PM (1 hour ago) to notifications Move to Inbox More 1 of 6 Please help me with this issue "[i] Updating the Database ... [!] Unable to get https://data.wpscan.org/plugins.json (Timeout was reached)" root@tunechi:~# cat /etc/*release* DISTRIB_ID=Kali DISTRIB_RELEASE=kali-rolling DISTRIB_CODENAME=kali-rolling DISTRIB_DESCRIPTION="Kali GNU/Linux Rolling" PRETTY_NAME="Kali GNU/Linux Rolling" NAME="Kali GNU/Linux" ID=kali VERSION="2017.1" VERSION_ID="2017.1" ID_LIKE=debian ANSI_COLOR="1;31" HOME_URL="http://www.kali.org/" SUPPORT_URL="http://forums.kali.org/" BUG_REPORT_URL="http://bugs.kali.org/" root@tunechi:~# openssl version OpenSSL 1.1.0f 25 May 2017

…

On Tue, Aug 1, 2017 at 4:17 PM, Christian Mehlmauer < ***@***.***> wrote: @tunechi1 <https://github.com/tunechi1> Please try updating again. If you are using the github or the docker version there should now be improved output on errors — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#958 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AdM6SZuCFaDN-eRGyX_4Hgxr-ZcKYbiqks5sT0-RgaJpZM4I6q39> .

firefart · 2017-08-02T07:08:26Z

@tunechi1 see #1118. It's not helpful if you open multiple issues for the same problem.

tunechi1 · 2017-08-02T19:50:16Z

i'm sorry, i should've waited..was not getting any response that's why i open that one too, i'm very sorry

…

On Wed, Aug 2, 2017 at 8:08 AM, Christian Mehlmauer < ***@***.***> wrote: @tunechi1 <https://github.com/tunechi1> see #1118 <#1118>. It's not helpful if you open multiple issues for the same problem. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#958 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AdM6SblqX02WM-nGSB6IXa7-XdbYuwMEks5sUCBvgaJpZM4I6q39> .

Danish22 · 2017-09-29T06:41:54Z

@firefart Hi
The issue is appearing again .
wordpress.json:checksums do not match

Download File Contetnt

firefart · 2017-09-29T08:37:04Z

We are currently aware of the caching issue (it takes several hours to invalidate the cache) and investigating the issue with our CDN provider

Danish22 · 2017-09-29T08:59:45Z

Okay
Thanks

tengshoujian · 2018-07-22T14:16:11Z

@firefart Hi
how can i resolve the problem?

root@kali:/usr/share/wpscan# ./wpscan.rb --update

    __          _______   _____                  
    \ \        / /  __ \ / ____|                 
     \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
      \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
       \  /\  /  | |     ____) | (__| (_| | | | |
        \/  \/   |_|    |_____/ \___|\__,_|_| |_|

    WordPress Security Scanner by the WPScan Team 
                   Version 2.9.3
      Sponsored by Sucuri - https://sucuri.net

@WPScan, @ethicalhack3r, @erwan_lr, pvdl, @FireFart

[i] Updating the Database ...
[!] wordpresses.json: checksums do not match (local: 4a6e83e524b0bcb735b8a00923eb5af4c0389eebd6c0341abe2c98be7ea9228a3e409074d831b2f44b89f74e7113ec68d2412bbddf4c5728b22df71ae2066021 remote: 5c8c245214905c65946ca275102a202dcc46e8d8470124d3bad14b4bf279caebaefc71057d65ac1e58944a0dccf2282a74da57e9c445d88d0bfc983ef9f1b29c)
[!] Downloaded File Content:
{"3.8.1":{"release_date":"2014-01-23","changelog_url":"https://codex.wordpress.org/Version_3.8.1","vulnerabilities":[{"id":5963,"title":"WordPress 1.0 - 3.8.1 administrator exploitable blind SQLi","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2015-05-15T13:47:19.000Z","published_date":null,"references":{"url":["https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/"]},"vuln_type":"SQLI","fixed_in":null},{"id":5964,"title":"WordPress 3.7.1 \u0026 3.8.1 Potential Authentication Cookie
.........

[!] Some hints to help you with this issue:
[!] -) Try updating again
[!] -) If you see SSL/TLS related error messages you have to fix your local TLS setup
[!] -) Windows is still not supported

firefart · 2018-07-23T04:02:23Z

[!] Some hints to help you with this issue:
[!] -) Try updating again
[!] -) If you see SSL/TLS related error messages you have to fix your local TLS setup
[!] -) Windows is still not supported

moisesfaponte · 2018-09-02T13:45:57Z

hi.
I'm having this error since yesterday. uninstall and reinstall wpscan but continue with outdated databases and it does not allow me to work.
__ _______ _____
\ \ / / __ \ / |
\ \ /\ / /| |) | ( ___ __ _ _ __ ®
\ / / / | / _ \ / |/ ` | ' \
\ /\ / | | ____) | (| (| | | | |
/ / || |___/ _|_,|| ||

    WordPress Security Scanner by the WPScan Team 
                   Version 2.9.4
      Sponsored by Sucuri - https://sucuri.net
  @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_

[i] Updating the Database ...
[+] Checking: local_vulnerable_files.xml
[i] Already Up-To-Date
[+] Checking: local_vulnerable_files.xsd
[i] Already Up-To-Date
[+] Checking: timthumbs.txt
[i] Already Up-To-Date
[+] Checking: user-agents.txt
[i] Already Up-To-Date
[+] Checking: wp_versions.xml
[i] Already Up-To-Date
[+] Checking: wp_versions.xsd
[i] Already Up-To-Date
[+] Checking: wordpresses.json
[i] Already Up-To-Date
[+] Checking: plugins.json
[i] Needs to be updated
[i] Backup Created
[i] Downloading new file: https://data.wpscan.org/plugins.json
[i] Restoring Backup due to error
[i] Deleting Backup

[!] Unable to get https://data.wpscan.org/plugins.json (Timeout was reached)
[!] Trace:
[!] /usr/share/wpscan/lib/common/db_updater.rb:82:in download' /usr/share/wpscan/lib/common/db_updater.rb:104:in block in update'
/usr/share/wpscan/lib/common/db_updater.rb:89:in each' /usr/share/wpscan/lib/common/db_updater.rb:89:in update'
./wpscan.rb:123:in main' ./wpscan.rb:626:in

'

thanks in advance for help

w0yun · 2020-03-21T03:15:10Z

root@kali:/var/www/html/wpscan# wpscan --update

    __          _______   _____                  
    \ \        / /  __ \ / ____|                 
     \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
      \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
       \  /\  /  | |     ____) | (__| (_| | | | |
        \/  \/   |_|    |_____/ \___|\__,_|_| |_|

    WordPress Security Scanner by the WPScan Team 
                   Version 2.9.4
      Sponsored by Sucuri - https://sucuri.net
  @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_

[i] Updating the Database ...
[!] local_vulnerable_files.xml: checksums do not match (local: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e remote: )
[!] Current Version: 2.9.4
[!] Downloaded File Content:

.........

[!] Some hints to help you with this issue:
[!] -) Try updating again using --verbose
[!] -) If you see SSL/TLS related error messages you have to fix your local TLS setup
[!] -) Windows is still not supported
root@kali:/var/www/html/wpscan# curl 'https://wpscan.org/cdn-cgi/trace'
fl=28f254
h=wpscan.org
ip=115.183.12.246
ts=1584760223.5
visit_scheme=https
uag=curl/7.60.0
colo=SEA
http=http/2
loc=CN
tls=TLSv1.2
sni=plaintext
warp=off
root@kali:/var/www/html/wpscan# curl -s wpscan.org/plugins.json | sha512sum
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e -
root@kali:/var/www/html/wpscan# curl -s wpscan.org/plugins.json.sha512
root@kali:/var/www/html/wpscan# curl -s wpscan.org/themes.json | sha512sum
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e -
root@kali:/var/www/html/wpscan# curl -s wpscan.org/themes.json.sha512
root@kali:/var/www/html/wpscan#

我这个问题怎么解决？？？？

w0yun · 2020-03-21T03:29:13Z

root@kali:/var/www/html# wpscan --disable-tls-checks

firefart · 2020-03-21T14:00:12Z

You need to update your wpscan installation: https://blog.wpscan.org/wpscan/deprecation/2019/11/25/old-wpscan-deprecation.html

ethicalhack3r mentioned this issue Jun 21, 2016

Update fails, plugins.json checksum #959

Closed

ethicalhack3r changed the title ~~wpscan --update~~ wpscan --update (checksums do not match) Jun 21, 2016

ethicalhack3r mentioned this issue Jun 23, 2016

Error Updating Database #961

Closed

ethicalhack3r closed this as completed Jun 26, 2016

mtmtcode mentioned this issue Jul 19, 2016

checksums do not match (theme.json) #967

Closed

wpscan --update (checksums do not match) #958

wpscan --update (checksums do not match) #958

Comments

sunilsong commented Jun 21, 2016

firefart commented Jun 21, 2016

sunilsong commented Jun 21, 2016 • edited Loading

ethicalhack3r commented Jun 21, 2016 • edited Loading

firefart commented Jun 21, 2016

tyaakow commented Jun 21, 2016

firefart commented Jun 21, 2016

sunilsong commented Jun 21, 2016

firefart commented Jun 21, 2016

tyaakow commented Jun 21, 2016

firefart commented Jun 22, 2016

Stumpftopf commented Jun 22, 2016

emiliomg commented Jun 23, 2016 • edited Loading

firefart commented Jun 23, 2016

emiliomg commented Jun 23, 2016

firefart commented Jun 23, 2016

sunilsong commented Jun 23, 2016

tyaakow commented Jun 27, 2016

exploitprotocol commented Jul 24, 2016

firefart commented Jul 24, 2016

firefart commented Jul 24, 2016

exploitprotocol commented Jul 26, 2016

firefart commented Jul 26, 2016

van7hu commented Jul 29, 2016

firefart commented Jul 30, 2016

aaroncrawford commented Jul 30, 2016 • edited Loading

firefart commented Aug 16, 2016

backendfrenchninja commented Aug 16, 2016 • edited by firefart Loading

modelm commented Aug 19, 2016

firefart commented Aug 19, 2016

albarki commented Aug 22, 2016

modelm commented Aug 22, 2016

firefart commented Aug 28, 2016

modelm commented Aug 29, 2016

albarki commented Aug 29, 2016

CounterForce commented Sep 5, 2016

firefart commented Sep 5, 2016

viki060892 commented Sep 8, 2016

johnmckinght commented Sep 21, 2016

johnmckinght commented Sep 21, 2016

3n1gma30 commented Nov 27, 2016 • edited Loading

firefart commented Nov 27, 2016

tunechi1 commented Aug 1, 2017

firefart commented Aug 1, 2017

tunechi1 commented Aug 1, 2017 via email

firefart commented Aug 2, 2017

tunechi1 commented Aug 2, 2017 via email

Danish22 commented Sep 29, 2017

firefart commented Sep 29, 2017

Danish22 commented Sep 29, 2017

tengshoujian commented Jul 22, 2018

firefart commented Jul 23, 2018

moisesfaponte commented Sep 2, 2018

w0yun commented Mar 21, 2020

w0yun commented Mar 21, 2020

firefart commented Mar 21, 2020

sunilsong commented Jun 21, 2016 •

edited

Loading

ethicalhack3r commented Jun 21, 2016 •

edited

Loading

emiliomg commented Jun 23, 2016 •

edited

Loading

aaroncrawford commented Jul 30, 2016 •

edited

Loading

backendfrenchninja commented Aug 16, 2016 •

edited by firefart

Loading

3n1gma30 commented Nov 27, 2016 •

edited

Loading