Be notified of new releases
Create your free GitHub account today to subscribe to this repository for new releases and build software alongside 40 million developers.Sign up
- Fixed Incorrect
wp-contentdetected from links in homepage - Ref #1412
- Fixed exception raised by old version of activesupport in some cases - Ref #1419
- WPScan can now run on Windows, thanks @Reelix - Ref wpscanteam/CMSScanner#114
- Adds detection of WP, Plugins, Themes, Main Themes and their versions from 404
- Fixed Incorrect parsing of theme data when new lines before/after comments were stripped from the CSS file - Ref #1404
- Improved passive detection of WordPress
wp-contentlocation is now checked regardless of the detection mode choose, if the directory could not be detected passively
- Fixed empty username returned in some cases when detected via Author ID brute forcing.
- Fixed an issue where some plugins/themes were not detected when using he
- Fixed incorrect detection of the
wp-contentfolder in some cases - Ref #1411
- Fixed crash when a theme or plugin detected had dots in their slug
- Updated enumeration help message which displayed that p/t would enumerate plugins/themes rather than popular plugins/popular themes.
- Login requests are no longer cached - Ref #1395
- Vulnerabilities retrieved from the API directly (requires an API Token). Other data, such as latest plugin version etc is also retrieved from API when Token is provided (otherwise it will be from the local DB).
- Removed Secunia and OSVDB references (via CMSScanner 0.5.8)
- Updated packetstorm and securityfocus reference URLs to use HTTPS rather than HTTP (via CMSScanner 0.5.8)
sitepress-multilingual-cmsDF causing False Positive - Ref #1386
- 404 are now ignored with the BodyPatten DF - Ref #1386
--disable-tls-checksnow tries to downgrade to TLSv1 to avoid SSL errors - Ref #1380
- User Agent when updating the DB is now the default one (
WPScan v<VERSION> (https://wpscan.org/))
- Fixed crash when theme or plugin slug contain illegal characters to create a class - #1374
- Reduces starting time by not creating all DF. Plugin and Theme Versions DF are now created when they are needed.
- Fixes a bug where stats were not being displayed in some cases upon error in threads
- Fixes long generation time of target urls before enumeration when the blog had no sub directory detected.
- Potential Readme filenames can now be overridden via the DF config, leading to less requests done when looking for Readmes, and avoiding false positive due to old readme files which were checked first - #1364
- Some DF methods renamed to avoid confusion with DB methods (ie #db_data -> #df_data)