wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
https://wpscan.com/wordpress-cli-scanner
Other
8.37k stars 1.24k forks

False Negative #1833

Open MartinDeBeer opened 3 months ago

MartinDeBeer commented 3 months ago


Subject of the issue

I just tried to scan a website for a bug bounty, but it keeps telling me that the site is not written in WordPress even though I can see that it is by going into the source code.

Your environment

Steps to reproduce

  1. command: wpscan --url website
  2. command: wpscan --url website --force -e vp,vt,cb,dbe
  3. command: wpscan --url website --force -e vp,vt,cb,dbe --wp-content-dir website/wp-content

Expected behavior

There are at least 2 of the plugins that I checked on the wpscan website if they are vulnerable and the website said they are.

Actual behavior

  1. returns Scan Aborted: The remote website is up, but does not seem to be running WordPress.
  2. returns Scan Aborted: Unable to identify the wp-content dir, please supply it with --wp-content-dir, use the --scope option or make sure the --url value given is the correct one
  3. returns Could not detect version, no plugins found, no themes found, no config backups found and no DB exports found

What have you already tried


MartinDeBeer commented 3 months ago

I have tested wpscan with a few different websites now on Kali OS and on ParrotOS, and on every occasion it has told me that the website is not running WordPress even though I can confirm that it does.

akirataguchi115 commented 2 months ago

Can you reproduce this issue with some other website that is not the website you have been bug bountied? Have you tried --stealthy?

MartinDeBeer commented 1 month ago

I figured it out; it is working fine now. I haven't tried stealthy. I think the user agent could have possibly been the issue. I will let you know if it happens again.



akirataguchi115 commented 1 month ago

Good to hear you got your issue solved! Could you close this issue? Thanks again for taking the time to report this issue <3