wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
https://wpscan.com/wordpress-cli-scanner

Unable to run wpscan with the latest Docker image, (digest fcf3baeeecfa), /wpscan/.wpscan/db is not writable #1661

Closed nazarii-piontko closed 3 years ago

nazarii-piontko commented 3 years ago

It is not possible to run wpscan with Docker with the latest tag (digest fcf3baeeecfa).

Error output:

{
  "scan_aborted": "/wpscan/.wpscan/db is not writable",
  "target_url": "WORDPRESS_URL_HERE",
  "trace": [
    "/usr/local/bundle/gems/wpscan-3.8.18/lib/wpscan/db/updater.rb:27:in `initialize'",
    "/usr/local/bundle/gems/wpscan-3.8.18/app/controllers/core.rb:24:in `new'",
    "/usr/local/bundle/gems/wpscan-3.8.18/app/controllers/core.rb:24:in `local_db'",
    "/usr/local/bundle/gems/wpscan-3.8.18/app/controllers/core.rb:53:in `before_scan'",
    "/usr/local/bundle/gems/cms_scanner-0.13.5/lib/cms_scanner/controllers.rb:46:in `each'",
    "/usr/local/bundle/gems/cms_scanner-0.13.5/lib/cms_scanner/controllers.rb:46:in `block in run'",
    "/usr/local/lib/ruby/3.0.0/timeout.rb:80:in `timeout'",
    "/usr/local/bundle/gems/cms_scanner-0.13.5/lib/cms_scanner/controllers.rb:45:in `run'",
    "/usr/local/bundle/gems/cms_scanner-0.13.5/lib/cms_scanner/scan.rb:24:in `run'",
    "/usr/local/bundle/gems/wpscan-3.8.18/bin/wpscan:17:in `block in <top (required)>'",
    "/usr/local/bundle/gems/cms_scanner-0.13.5/lib/cms_scanner/scan.rb:15:in `initialize'",
    "/usr/local/bundle/gems/wpscan-3.8.18/bin/wpscan:6:in `new'",
    "/usr/local/bundle/gems/wpscan-3.8.18/bin/wpscan:6:in `<top (required)>'",
    "/usr/local/bundle/bin/wpscan:23:in `load'",
    "/usr/local/bundle/bin/wpscan:23:in `<main>'"
  ]
}

docker run command:

docker run --rm --network host wpscanteam/wpscan:latest --url "WORDPRESS_URL_HERE" --enumerate "vp,vt,cb,dbe" --plugins-threshold 100 --themes-threshold 50 --format json --throttle 100 --no-banner

P.S. real wordpress URL is replaced by WORDPRESS_URL_HERE

icetee commented 3 years ago

Yes, not working in the new Docker release. The older version works.

docker run -it --rm wpscanteam/wpscan --url https://random.ltd --enumerate u1-100 -> /wpscan/.wpscan/db is not writable

docker run -it --rm wpscanteam/wpscan:3.8.18 --url https://random.ltd --enumerate u1-100 -> works

firefart commented 3 years ago

The file permissions on the referenced image look ok to me. Did you mount your home directory into the container or smth like this?

nazarii-piontko commented 3 years ago

No, I did not mount anything; the command I used is specified above. As already mentioned, the earlier version works fine, I've checked it as well.

firefart commented 3 years ago

Do you still have the image version that causes problems? If so can you please run a

docker run --rm -it --entrypoint "" wpscanteam/wpscan:TAG /bin/sh

and screenshot or paste the folder permissions of /wpscan/.wpscan/db here?

nazarii-piontko commented 3 years ago

Unfortunately, I do not have this image anymore. Maybe @icetee still has it?

Also, I tried with a new latest image (digest 21cbe4b5a992) and can confirm it works for me now.

nazarii-piontko commented 3 years ago

Interesting situation, the latest version works on my laptop (Ubuntu 21.04, kernel 5.11.0-25-generic), but does not work on my server (Debian 10, kernel 4.19.0-13-cloud-amd64).

Error: Scan Aborted: /wpscan/.wpscan/db is not writable (uid: 1000, gid: 1000)

Permissions of db directory:

total 17M    
drwxr-sr-x    2 wpscan   wpscan      4.0K Aug  4 15:52 .
drwxr-sr-x    3 wpscan   wpscan      4.0K Aug  4 15:52 ..
-rw-r--r--    1 wpscan   wpscan        25 Aug  4 15:52 .last_update
-rw-r--r--    1 wpscan   wpscan      3.3K Aug  4 15:52 LICENSE
-rw-r--r--    1 wpscan   wpscan      2.4K Aug  4 15:52 config_backups.txt
-rw-r--r--    1 wpscan   wpscan      1.1K Aug  4 15:52 db_exports.txt
-rw-r--r--    1 wpscan   wpscan      2.5M Aug  4 15:52 dynamic_finders.yml
-rw-r--r--    1 wpscan   wpscan     11.1M Aug  4 15:52 metadata.json
-rw-r--r--    1 wpscan   wpscan        49 Aug  4 15:52 sponsor.txt
-rw-r--r--    1 wpscan   wpscan    123.2K Aug  4 15:52 timthumbs-v3.txt
-rw-r--r--    1 wpscan   wpscan      3.2M Aug  4 15:52 wp_fingerprints.json

It works with 3.8.18 tag.

Has 3.8.18 WPScan.DB.Updater? repo_directory.writable does not pass verification.

firefart commented 3 years ago

Do you have another (probably older) version of Docker installed on your Debian server? Maybe this is some kind of Docker glitch with older versions and images built using buildkit? The writable? call was also there in 3.8.18, but the latest image was not built on Docker Hub anymore.

nazarii-piontko commented 3 years ago

Yes, you are right, the Docker version was 20.10.1. After upgrading to the latest Docker version (20.10.8), it started to work. I guess it is important to have the latest containerd.io version rather than Docker itself.

This is quite strange behavior. But at least we know some reason for that :) You may close the issue.
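
A diagnostic for the symptom discussed in this thread, as an added example that is not part of the issue or of WPScan's code: it compares Ruby's `File.writable?` (the kind of check the thread says fails) with the owner/mode bits from `stat` and with a real write attempt, so a directory whose bits allow writing but whose check says "not writable" is flagged explicitly. The helper names `diagnose_writable` and `verdict` are hypothetical.

```ruby
require 'securerandom'

# Three independent answers to "can this process create files in dir?".
# Hypothetical helpers; POSIX ACLs and capabilities other than uid 0 are ignored.
def diagnose_writable(dir)
  st   = File.stat(dir)
  uid  = Process.euid
  gids = ([Process.egid] + Process.groups).uniq
  # Creating a file in a directory needs both write and search (execute) bits.
  need = if st.uid == uid then 0o300
         elsif gids.include?(st.gid) then 0o030
         else 0o003
         end
  mode_check = uid.zero? || (st.mode & need) == need

  # Actually try to create and remove a uniquely named probe file.
  probe = File.join(dir, ".probe-#{SecureRandom.hex(4)}")
  write_attempt = begin
    File.open(probe, File::WRONLY | File::CREAT | File::EXCL, 0o600) {}
    File.delete(probe)
    true
  rescue SystemCallError
    false
  end

  { owner: "#{st.uid}:#{st.gid}", mode: format('%04o', st.mode & 0o7777),
    access_check: File.writable?(dir), # access-style check, like `writable?`
    mode_check: mode_check, write_attempt: write_attempt }
end

def verdict(result)
  checks = [result[:access_check], result[:mode_check], result[:write_attempt]]
  return :consistent if checks.uniq.size == 1
  # The access check says no while a real write succeeds: the check itself,
  # not the directory permissions, is what is failing.
  return :access_check_disagrees if !result[:access_check] && result[:write_attempt]
  :inconsistent
end

# Stand-alone use: ruby diagnose.rb /wpscan/.wpscan/db
if __FILE__ == $PROGRAM_NAME && ARGV[0]
  r = diagnose_writable(ARGV[0])
  puts r.merge(uid: Process.euid, verdict: verdict(r))
end
```

Run it inside the affected container (for example from the shell opened with the `--entrypoint ""` command above) with `/wpscan/.wpscan/db` as the argument, and compare the result between the working and failing hosts.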