wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
https://wpscan.com/wordpress-cli-scanner

wpscan --update ( #1210

Closed moisesfaponte closed 6 years ago

moisesfaponte commented 6 years ago

Hi. I've been having this error since yesterday. I uninstalled and reinstalled wpscan, but it continues with outdated databases and it does not allow me to work.


    \ \        / /  __ \ / ____|                 
     \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
      \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
       \  /\  /  | |     ____) | (__| (_| | | | |
        \/  \/   |_|    |_____/ \___|\__,_|_| |_|

    WordPress Security Scanner by the WPScan Team 
                   Version 2.9.4
      Sponsored by Sucuri - https://sucuri.net
  @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_

[i] Updating the Database ...

[!] Unable to get https://data.wpscan.org/plugins.json (Timeout was reached)

root@kendal01:~# wpscan --update --verbose connect-timeout 360


    __          _______   _____                  
    \ \        / /  __ \ / ____|                 
     \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
      \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
       \  /\  /  | |     ____) | (__| (_| | | | |
        \/  \/   |_|    |_____/ \___|\__,_|_| |_|

    WordPress Security Scanner by the WPScan Team 
                   Version 2.9.4
      Sponsored by Sucuri - https://sucuri.net
  @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_

    [i] Updating the Database ...
    [+] Checking: local_vulnerable_files.xml
    [i] Already Up-To-Date
    [+] Checking: local_vulnerable_files.xsd
    [i] Already Up-To-Date
    [+] Checking: timthumbs.txt
    [i] Already Up-To-Date
    [+] Checking: user-agents.txt
    [i] Already Up-To-Date
    [+] Checking: wp_versions.xml
    [i] Already Up-To-Date
    [+] Checking: wp_versions.xsd
    [i] Already Up-To-Date
    [+] Checking: wordpresses.json
    [i] Already Up-To-Date
    [+] Checking: plugins.json
    [i] Needs to be updated
    [i] Backup Created
    [i] Downloading new file: https://data.wpscan.org/plugins.json
    [i] Downloaded File Checksum: 1e3ac69e115686398275f2b80e30212856b3f7c37c38e64bda1b2a608f3b291e57db58c604af315ce4a96d00745732958bd39e9f446af820da556761f1a3cae5
    [i] Database File Checksum : 3fbbdd58e0e024fa97b307051482d0eca662f278d2e153ea8e704d84c3ecf7abb1c92ef5a51661063720afee1be58199fc8892c9553c278d0a0003c7204e46b1
    [i] Restoring Backup due to error
    [i] Deleting Backup
    [!] plugins.json: checksums do not match (local: 1e3ac69e115686398275f2b80e30212856b3f7c37c38e64bda1b2a608f3b291e57db58c604af315ce4a96d00745732958bd39e9f446af820da556761f1a3cae5 remote: 3fbbdd58e0e024fa97b307051482d0eca662f278d2e153ea8e704d84c3ecf7abb1c92ef5a51661063720afee1be58199fc8892c9553c278d0a0003c7204e46b1)
    [!] Current Version: 2.9.4
    [!] Downloaded File Content: .........

    [!] Some hints to help you with this issue:
    [!] -) Try updating again using --verbose
    [!] -) If you see SSL/TLS related error messages you have to fix your local TLS setup
    [!] -) Windows is still not supported

thanks in advance for help

ethicalhack3r commented 6 years ago

Are you able to reach the file using curl directly?

curl -I https://data.wpscan.org/plugins.json

moisesfaponte commented 6 years ago

I have this result with

    root@kendal01:~# curl -I https://data.wpscan.org/plugins.json
    HTTP/2 200
    server: nginx
    date: Mon, 03 Sep 2018 13:32:34 GMT
    content-type: application/json
    content-length: 10251122
    x-sucuri-id: 17004
    content-security-policy: upgrade-insecure-requests;
    x-amz-id-2: KqPMpCsOet/du6agIfbH12/8CW6kIlp2nWtoEans81BDhZjTSRcgc7YZoXNLam5FRH99tbiQPWE=
    x-amz-request-id: 57435334668F24B2
    cache-control: no-cache
    last-modified: Mon, 03 Sep 2018 04:24:17 GMT
    etag: "3dd4cc157764b01390aa02cc69e81bee"
    x-sucuri-cache: MISS

ethicalhack3r commented 6 years ago

Did you set the --connect-timeout option correctly? In your original issue, you set it without the --.

You set:

connect-timeout 360

Should be:

--connect-timeout 360

moisesfaponte commented 6 years ago

I'm trying again

root@kendal01:~# wpscan --update --verbose --connect-timeout 360


    __          _______   _____                  
    \ \        / /  __ \ / ____|                 
     \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
      \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
       \  /\  /  | |     ____) | (__| (_| | | | |
        \/  \/   |_|    |_____/ \___|\__,_|_| |_|

    WordPress Security Scanner by the WPScan Team 
                   Version 2.9.4
      Sponsored by Sucuri - https://sucuri.net
  @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_

    [i] Updating the Database ...
    [+] Checking: local_vulnerable_files.xml
    [i] Already Up-To-Date
    [+] Checking: local_vulnerable_files.xsd
    [i] Already Up-To-Date
    [+] Checking: timthumbs.txt
    [i] Already Up-To-Date
    [+] Checking: user-agents.txt
    [i] Already Up-To-Date
    [+] Checking: wp_versions.xml
    [i] Already Up-To-Date
    [+] Checking: wp_versions.xsd
    [i] Already Up-To-Date
    [+] Checking: wordpresses.json
    [i] Already Up-To-Date
    [+] Checking: plugins.json
    [i] Needs to be updated
    [i] Backup Created
    [i] Downloading new file: https://data.wpscan.org/plugins.json
    [i] Restoring Backup due to error
    [i] Deleting Backup

    [!] Unable to get https://data.wpscan.org/plugins.json (Timeout was reached)
    [!] Trace:
    [!] /usr/share/wpscan/lib/common/db_updater.rb:82:in `download'
    /usr/share/wpscan/lib/common/db_updater.rb:104:in `block in update'
    /usr/share/wpscan/lib/common/db_updater.rb:89:in `each'
    /usr/share/wpscan/lib/common/db_updater.rb:89:in `update'
    ./wpscan.rb:123:in `main'
    ./wpscan.rb:626:in `<main>'
    root@kendal01:~#

moisesfaponte commented 6 years ago

@ethicalhack3r thanks for your attention, I try again but it doesn't update (checksum not match)

root@kendal01:~# wpscan --update --verbose --connect-timeout 360


    __          _______   _____                  
    \ \        / /  __ \ / ____|                 
     \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
      \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
       \  /\  /  | |     ____) | (__| (_| | | | |
        \/  \/   |_|    |_____/ \___|\__,_|_| |_|

    WordPress Security Scanner by the WPScan Team 
                   Version 2.9.4
      Sponsored by Sucuri - https://sucuri.net
  @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_

    [i] Updating the Database ...
    [+] Checking: local_vulnerable_files.xml
    [i] Already Up-To-Date
    [+] Checking: local_vulnerable_files.xsd
    [i] Already Up-To-Date
    [+] Checking: timthumbs.txt
    [i] Already Up-To-Date
    [+] Checking: user-agents.txt
    [i] Already Up-To-Date
    [+] Checking: wp_versions.xml
    [i] Already Up-To-Date
    [+] Checking: wp_versions.xsd
    [i] Already Up-To-Date
    [+] Checking: wordpresses.json
    [i] Already Up-To-Date
    [+] Checking: plugins.json
    [i] Needs to be updated
    [i] Backup Created
    [i] Downloading new file: https://data.wpscan.org/plugins.json
    [i] Downloaded File Checksum: 05932556f1b77bb1fd99e05c0ed6707daafecefc9635c092e0476df5d6f6b634eaffe0d3444ca2cecbbd4e1bfccd07d36f57c12839d5cf47ff843c9537497ca7
    [i] Database File Checksum : 46dd2aeb02160f9ef9ff293ba104e914c5fbcce25e6a84bd5e680aa60a739fe7a720c4b4e7edcb58d9701358dc0cd34556342100d4cdd1be4cfa5f951b24c731
    [i] Restoring Backup due to error
    [i] Deleting Backup
    [!] plugins.json: checksums do not match (local: 05932556f1b77bb1fd99e05c0ed6707daafecefc9635c092e0476df5d6f6b634eaffe0d3444ca2cecbbd4e1bfccd07d36f57c12839d5cf47ff843c9537497ca7 remote: 46dd2aeb02160f9ef9ff293ba104e914c5fbcce25e6a84bd5e680aa60a739fe7a720c4b4e7edcb58d9701358dc0cd34556342100d4cdd1be4cfa5f951b24c731)
    [!] Current Version: 2.9.4
    [!] Downloaded File Content: .........

    [!] Some hints to help you with this issue:
    [!] -) Try updating again using --verbose
    [!] -) If you see SSL/TLS related error messages you have to fix your local TLS setup
    [!] -) Windows is still not supported

moisesfaponte commented 6 years ago

Sometimes it is a timeout and other times the checksums do not match. I try to understand.

    plugins.json: checksums do not match (local: acdb7c8fc2c4375e4aedc27e3ef0f62a53c972daed98ba9a9908ea615e636bfda0b9c553b108e6dc7dd159ff67c7557040000f8a4ecd73784f5a08bfc6ac37dc remote: 46dd2aeb02160f9ef9ff293ba104e914c5fbcce25e6a84bd5e680aa60a739fe7a720c4b4e7edcb58d9701358dc0cd34556342100d4cdd1be4cfa5f951b24c731)
    [!] Current Version: 2.9.4
    [!] Downloaded File Content: .........

erwanlr commented 6 years ago

I would try with --connect-timeout 360 --request-timeout 500

If you have timeouts, increase the --connect-timeout; if you have checksum errors, increase the --request-timeout.
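
The distinction drawn in the comment above (timeouts versus checksum errors) can be checked directly. As an added example, not part of the thread and not WPScan's own code, the Ruby below classifies a failed database download as a cut-short transfer or a full-length digest mismatch, and replaces the local file only after the SHA-512 verifies. It assumes the `.sha512` file holds a hex digest as its first token and that the announced `Content-Length` is known; the function names and sample data are constructed for illustration.

```ruby
require 'digest'
require 'tmpdir'

# Classify a downloaded body against the published SHA-512 digest.
# content_length is the size the server announced (nil if unknown).
# Assumption: the published file's first token is the hex digest.
def classify_download(body, published_sha512, content_length = nil)
  expected = published_sha512.to_s.split.first.to_s.downcase
  return :ok if Digest::SHA512.hexdigest(body) == expected
  # Fewer bytes than announced: the transfer was cut short (for example by
  # a request timeout), so retrying with a longer timeout is reasonable.
  return :truncated if content_length && body.bytesize < content_length
  # Full length but wrong digest: do not install and do not retry blindly.
  :mismatch
end

# Install the new database only after it verifies. The body is written to
# a temporary file first (a different approach from the backup/restore
# steps in the log above), so a failed update never touches db_path.
def install_verified(db_path, body, published_sha512, content_length = nil)
  status = classify_download(body, published_sha512, content_length)
  return status unless status == :ok
  tmp = "#{db_path}.tmp"
  File.binwrite(tmp, body)
  File.rename(tmp, db_path) # atomic replace on the same filesystem
  :ok
end

# Constructed sample data (not real WPScan database content).
FULL_BODY = '{"example-plugin":{"latest_version":"1.0","vulnerabilities":[]}}'
PUBLISHED = "#{Digest::SHA512.hexdigest(FULL_BODY)}\n"

def demo
  Dir.mktmpdir do |dir|
    db = File.join(dir, 'plugins.json')
    File.binwrite(db, '{"old":true}')
    cut = FULL_BODY[0, 40]                 # transfer stopped early
    flipped = FULL_BODY.sub('1.0', '1.1')  # same length, altered content
    size = FULL_BODY.bytesize
    [install_verified(db, cut, PUBLISHED, size),
     File.read(db),
     install_verified(db, flipped, PUBLISHED, size),
     install_verified(db, FULL_BODY, PUBLISHED, size),
     File.read(db) == FULL_BODY]
  end
end

p demo if $PROGRAM_NAME == __FILE__
```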

moisesfaponte commented 6 years ago

SOLVED!!!

root@kendal01:~# wpscan --update --verbose --connect-timeout 900 --request-timeout 900


    __          _______   _____                  
    \ \        / /  __ \ / ____|                 
     \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
      \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
       \  /\  /  | |     ____) | (__| (_| | | | |
        \/  \/   |_|    |_____/ \___|\__,_|_| |_|

    WordPress Security Scanner by the WPScan Team 
                   Version 2.9.4
      Sponsored by Sucuri - https://sucuri.net
  @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_

    [i] Updating the Database ...
    [+] Checking: local_vulnerable_files.xml
    [i] Already Up-To-Date
    [+] Checking: local_vulnerable_files.xsd
    [i] Already Up-To-Date
    [+] Checking: timthumbs.txt
    [i] Already Up-To-Date
    [+] Checking: user-agents.txt
    [i] Already Up-To-Date
    [+] Checking: wp_versions.xml
    [i] Already Up-To-Date
    [+] Checking: wp_versions.xsd
    [i] Already Up-To-Date
    [+] Checking: wordpresses.json
    [i] Already Up-To-Date
    [+] Checking: plugins.json
    [i] Needs to be updated
    [i] Backup Created
    [i] Downloading new file: https://data.wpscan.org/plugins.json
    [i] Downloaded File Checksum: 46dd2aeb02160f9ef9ff293ba104e914c5fbcce25e6a84bd5e680aa60a739fe7a720c4b4e7edcb58d9701358dc0cd34556342100d4cdd1be4cfa5f951b24c731
    [i] Database File Checksum : 46dd2aeb02160f9ef9ff293ba104e914c5fbcce25e6a84bd5e680aa60a739fe7a720c4b4e7edcb58d9701358dc0cd34556342100d4cdd1be4cfa5f951b24c731
    [i] Deleting Backup
    [+] Checking: themes.json
    [i] Needs to be updated
    [i] Backup Created
    [i] Downloading new file: https://data.wpscan.org/themes.json
    [i] Downloaded File Checksum: dc2e70dcfd4e588d4f1f7c459b4af7fa402f8d297c59fae762006ab1ad88ca70182be6f10d658783e7b07903a2e89bafc7026bedd7b3cb5dfcf6531c0e0ae3e1
    [i] Database File Checksum : dc2e70dcfd4e588d4f1f7c459b4af7fa402f8d297c59fae762006ab1ad88ca70182be6f10d658783e7b07903a2e89bafc7026bedd7b3cb5dfcf6531c0e0ae3e1
    [+] Checking: LICENSE
    [i] Needs to be updated
    [i] Backup Created
    [i] Downloading new file: https://data.wpscan.org/LICENSE
    [i] Downloaded File Checksum: 2963e85afaf80aa0b377f78f30527ddd89236780b2052a45ad89179677910244533b487779f265d96142763db515146547bca53590f1bde0c8bae0c80def934a
    [i] Database File Checksum : 2963e85afaf80aa0b377f78f30527ddd89236780b2052a45ad89179677910244533b487779f265d96142763db515146547bca53590f1bde0c8bae0c80def934a
    [i] Update completed
    root@kendal01:~#

Thanks a lot for help

narasimha-swamy commented 4 years ago

While trying to update I am getting the 403 error as

__          _______   _____                  
\ \        / /  __ \ / ____|                 
 \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
  \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
   \  /\  /  | |     ____) | (__| (_| | | | |
    \/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team 
               Version 2.9.4
  Sponsored by Sucuri - https://sucuri.net

@WPScan, @ethicalhack3r, @erwan_lr, @FireFart

[i] Updating the Database ...

Scan Aborted: Unable to get https://data.wpscan.org/plugins.json.sha512 (status: 403)

firefart commented 4 years ago

https://blog.wpscan.org/wpvulndb/2019/07/05/wpvulndb-apiv2-deprecation.html

https://blog.wpscan.org/wpscan/deprecation/2019/11/25/old-wpscan-deprecation.html