Closed pvdl closed 9 years ago
????? What do you mean with this issue? The site is generated using github pages and the sitemap gem.
Or do you mean wpscan should detect a sitemap?
WPScan of course.
Jeah but the normal sitemap.xml is currently only checked to determine the wordpress version. Did you mean this, or do you want a passive detection of sitemaps?
I mean: WPScan searches for the existence of sitemap.xml but should also search for sitemap.xml.gz to determine the version. In case a website doesn't have the default sitemap.xml, maybe there is a compressed one: sitemap.xml.gz
We only use sitemap.xml
for version detection I think, which comes by default with WP. I don't think WP creates a sitemap.xml.gz
file by default so I assume it probably won't contain any useful info (wp version) if in the rare cases that it does exist.
Do you have an example of sitemap.xml.gz containing the version ?
Hunting for a real world example. I saw on the internet a discussion about the compressed .gz WordPress sitemap (sorry didn't bookarked it :( )
I was unable to find sites with sitemap.xml.gz without sitemap.xml file.
@fgeek. I 'agree' there are not many sites which have ONLY the .gz file. Maybe none have ONLY the .gz file Google dork: inurl:sitemap.xml.gz
Example: http://onespokane.com/sitemap.xml http://onespokane.com/sitemap.xml.gz
The dilemma is: Make a search for 'very unique' circumstances or not.
Agreed. At least the .gz file should be in "Interesting files" section if not in version detection logic if it is not already there. I have at least noticed that .xml was updated but .xml.gz was not. I'm not sure if this is very useful information. Maybe with verbose mode activated?
Just throwing ideas out in the open :)
Yeah. That's a good solution. :+1: @fgeek and @erwanlr
Being tracked here - https://github.com/wpscanteam/CMSScanner/issues/8
Closing
This is the compressed version.