search

wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
https://wpscan.com/wordpress-cli-scanner
Other
8.63k stars 1.27k forks source link

False Negative #1833

Open MartinDeBeer opened 8 months ago

MartinDeBeer commented 8 months ago

Before submitting an issue, please make sure you fully read any potential error messages output and did some research on your own.

Subject of the issue

I just tried to scan a website for a bug bounty, but it keeps telling me that the site is not written in WordPress even though I can see that it is by going into the source code.

Your environment

Steps to reproduce

  1. command: wpscan --url website
  2. command: wpscan --url website --force -e vp,vt,cb,dbe it with --wp-content-dir, use the --scope option or make sure the --url
  3. command: wpscan --url website --force -e vp,vt,cb,dbe --wp-content-dir website/wp-content

Expected behavior

There are at least 2 of the plugins that I checked on the wpscan website if they are vulnerable and the website said they are

Actual behavior

  1. returns Scan Aborted: The remote website is up, but does not seem to be running WordPress.
  2. returns Scan Aborted: Unable to identify the wp-content dir, please supply value given is the correct one
  3. returns Could not detect version, no plugins found, no themes found, no config backups found and no DB exports found

What have you already tried

Tell us what you have already tried to do to fix the issue you are having.

Things you have tried (where relevant):

MartinDeBeer commented 8 months ago

I have tested wpscan with a few different websites now on kali OS and on ParrotOS and on every occasion it has told me that the website is not running wordpress even though I can confirm that it does

akirataguchi115 commented 6 months ago

Can you reproduce this issue with some other website that is no the website you have been bug bountied? Have you tried --stealthy?

MartinDeBeer commented 6 months ago

I figured it out, it is working fine now, I haven't tried stealthy, I think the user agent could have possibly been the issue, I will let you know if it happens again.

From: Akira Taguchi @.> Sent: Monday, May 6, 2024 8:48 AM To: wpscanteam/wpscan @.> Cc: MartinDeBeer @.>; Author @.> Subject: Re: [wpscanteam/wpscan] False Negative (Issue #1833)

Can you reproduce this issue with some other website that is no the website you have been bug bountied? Have you tried --stealthy?

— Reply to this email directly, view it on GitHubhttps://github.com/wpscanteam/wpscan/issues/1833#issuecomment-2095300309, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ATARRCY34TAG6X5CFQZQVGTZA4RSXAVCNFSM6AAAAABE4OT6DWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOJVGMYDAMZQHE. You are receiving this because you authored the thread.Message ID: @.***>

akirataguchi115 commented 6 months ago

Good to hear you got your issue solved! Could you close this issue? Thanks again for taking the time to report this issue <3