Closed mircone closed 4 years ago
For me it doesn't work on version 3.8 either.
I run the following command.
docker run --rm wpscanteam/wpscan -v --clear-cache --api-token ${WPVULNDB_API_KEY} --url ${URL}
I use Kali, where I can add my API key.
@mircone
The readme refers to if you do not supply an API token at all, then WPScan will work as normal, but without showing vulnerability data from wpvulndb. If you omit the token, your scan will complete. But, maybe we should also continue the scan when an API token is supplied, but the user's limit is reached?
@L0rdShrek
What doesn't work? Are you actually running that command with ${WPVULNDB_API_KEY} in it? Do you have Docker installed?
@BlAd373
Please refer to https://github.com/wpscanteam/wpscan/wiki/WPScan-User-Documentation#vulnerability-database
Hello @ethicalhack3r, thanks for your reply.
I have Docker installed and run wpscan via GitLab Pipeline. ${WPVULNDB_API_KEY} contains my API key.
If my API limit is reached, the Docker container exits with code 4 and the message
Scan Aborted: Your API limit has been reached
Trace: /usr/local/bundle/gems/wpscan-3.8.1/app/controllers/vuln_api.rb:23:in "before_scan"
/usr/local/bundle/gems/cms_scanner-0.10.0/lib/cms_scanner/controllers.rb:46:in "each"
/usr/local/bundle/gems/cms_scanner-0.10.0/lib/cms_scanner/controllers.rb:46:in "block in run"
/usr/local/lib/ruby/2.6.0/timeout.rb:76:in "timeout"
/usr/local/bundle/gems/cms_scanner-0.10.0/lib/cms_scanner/controllers.rb:45:in "run"
/usr/local/bundle/gems/cms_scanner-0.10.0/lib/cms_scanner/scan.rb:24:in "run"
/usr/local/bundle/gems/wpscan-3.8.1/bin/wpscan:17:in "block in <top (required)>"
/usr/local/bundle/gems/cms_scanner-0.10.0/lib/cms_scanner/scan.rb:15:in "initialize"
/usr/local/bundle/gems/wpscan-3.8.1/bin/wpscan:6:in "new"
/usr/local/bundle/gems/wpscan-3.8.1/bin/wpscan:6:in "<top (required)>"
/usr/local/bundle/bin/wpscan:23:in "load"
/usr/local/bundle/bin/wpscan:23:in "<main>"
ERROR: Job failed: exit code 4
PS: if there are some API Credits left, everything works fine - Big Thanks for that great work!
This is the expected behaviour. When you start a scan with an API token which has reached its limit already, it raises the API Limit error. If you want to scan w/o fetching vuln data, then simply remove the API token from the CLI.
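The workaround from the reply above (rerun without the token once the limit error appears), written as a CI wrapper. This is an added example, not part of the thread or of WPScan; `WPSCAN_CMD`, `scan_with_fallback` and `SCAN_MODE` are names assumed here, and the abort message is matched as quoted in the thread.

```shell
#!/bin/sh
# Added example, not WPScan project code.
# WPSCAN_CMD, scan_with_fallback and SCAN_MODE are names made up for this example.
# Default is the docker invocation used in the thread.
: "${WPSCAN_CMD:=docker run --rm wpscanteam/wpscan}"

# Abort message as quoted in the thread.
LIMIT_MSG='Your API limit has been reached'

# scan_with_fallback URL [TOKEN]
# Scans with the token first. If WPScan aborts with the API-limit message,
# scans once more without the token. Sets SCAN_MODE so the pipeline can tell
# a scan with vulnerability data from a degraded one.
scan_with_fallback() {
    url=$1
    token=${2:-}
    log=$(mktemp) || return 1
    rc=0
    SCAN_MODE=with-vuln-data

    if [ -n "$token" ]; then
        # "|| rc=$?" keeps a non-zero exit from ending a `set -e` CI script.
        $WPSCAN_CMD --url "$url" --api-token "$token" >"$log" 2>&1 || rc=$?
    fi

    # No token, or the token's quota is used up: scan without vulnerability data.
    if [ -z "$token" ] || { [ "$rc" -ne 0 ] && grep -qF "$LIMIT_MSG" "$log"; }; then
        SCAN_MODE=no-vuln-data
        rc=0
        $WPSCAN_CMD --url "$url" >"$log" 2>&1 || rc=$?
    fi

    cat "$log"
    rm -f "$log"
    # A degraded scan must not read as a clean result in the job log.
    [ "$SCAN_MODE" = with-vuln-data ] ||
        echo "WARNING: scan ran without vulnerability data" >&2
    return "$rc"
}
```

In a pipeline, check `SCAN_MODE` after the call and mark the job as degraded (for example "allowed to fail") when it is `no-vuln-data`, so a quota-exhausted run is not read as "no vulnerabilities found".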
Hello,
A "solution" would be to programmatically wait 24h if your API limit is reached and re-launch the scan afterwards. This behaviour can be obtained by using WPWatcher, a Python wrapper for wpscan. Just use the --api_limit_wait flag ;)
Hello wpscanteam,
According to the line in your Readme:
I would expect wpscan to run my scan without querying the API; instead it throws the "Your API limit has been reached" exception.
Could you maybe provide a flag that keeps the scan running instead of stopping it?
I'm running on 3.7.11
Kind regards.