wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
https://wpscan.com/wordpress-cli-scanner

wpscan --update (checksums do not match) #958

Closed sunilsong closed 8 years ago

sunilsong commented 8 years ago

themes.json: checksums do not match (local: c87e53e4888d734ea98c5987f95fe1a26725ccdd42d97b86172d2b116643bc753910e378f5e5d0de64034ef27ff90b9d026602c8fbd477260e83d33ce4915590 remote: 046df8e68d1843aadb1134e3a0ffbe48e0348d36a683a615c92d75eb66fddd5e09be11946919375d5f5e99a290719a9860859e2bf47d6b35c432ddaeb4a4e6af) I am using ruby version 2.3.1.

firefart commented 8 years ago

➜  ~ curl -s data.wpscan.org/themes.json | sha512sum
046df8e68d1843aadb1134e3a0ffbe48e0348d36a683a615c92d75eb66fddd5e09be11946919375d5f5e99a290719a9860859e2bf47d6b35c432ddaeb4a4e6af  -
➜  ~ curl data.wpscan.org/themes.json.sha512
046df8e68d1843aadb1134e3a0ffbe48e0348d36a683a615c92d75eb66fddd5e09be11946919375d5f5e99a290719a9860859e2bf47d6b35c432ddaeb4a4e6af

We switched to another CDN yesterday. I will investigate if there was an error on cache invalidation.

sunilsong commented 8 years ago

Thank you!

I got:

$ curl -s data.wpscan.org/themes.json | sha512sum
c87e53e4888d734ea98c5987f95fe1a26725ccdd42d97b86172d2b116643bc753910e378f5e5d0de64034ef27ff90b9d026602c8fbd477260e83d33ce4915590  -
$ curl data.wpscan.org/themes.json.sha512
046df8e68d1843aadb1134e3a0ffbe48e0348d36a683a615c92d75eb66fddd5e09be11946919375d5f5e99a290719a9860859e2bf47d6b35c432ddaeb4a4e6af

ethicalhack3r commented 8 years ago

OK for me in France:

$ curl -s data.wpscan.org/themes.json | shasum -a 512
046df8e68d1843aadb1134e3a0ffbe48e0348d36a683a615c92d75eb66fddd5e09be11946919375d5f5e99a290719a9860859e2bf47d6b35c432ddaeb4a4e6af  -

$ curl data.wpscan.org/themes.json.sha512
046df8e68d1843aadb1134e3a0ffbe48e0348d36a683a615c92d75eb66fddd5e09be11946919375d5f5e99a290719a9860859e2bf47d6b35c432ddaeb4a4e6af

DNS is fine everywhere (except Thailand) https://www.whatsmydns.net/#A/data.wpscan.org

firefart commented 8 years ago

@sunilsong can you please try again? I manually invalidated the cache, let's see if this resolves this issue

tyaakow commented 8 years ago

Issue with plugins.json still here.

firefart commented 8 years ago

because I only invalidated themes.json for now so we can investigate

sunilsong commented 8 years ago

Great !! It worked for me now. Thank you !!

firefart commented 8 years ago

@tjankov can you please try again?

tyaakow commented 8 years ago

Worked now.

firefart commented 8 years ago

@tjankov @sunilsong new day, new data files. Can you please try again? I think I forgot to restart a process on the server when I deployed the cache invalidation changes

Stumpftopf commented 8 years ago

@FireFart Still not working. :-( themes.json: checksums do not match (local: 0b769da7c48759e5a9e03462b0b76e50806cb00fba445bfa6735c380a78a7ecd0f2b60c65e3018b5c522271620c43408e2f5e343d3544d64427d2fd1755fc52c remote: 046df8e68d1843aadb1134e3a0ffbe48e0348d36a683a615c92d75eb66fddd5e09be11946919375d5f5e99a290719a9860859e2bf47d6b35c432ddaeb4a4e6af)

emiliomg commented 8 years ago

Same problem here with a freshly cloned wpscan:

$ ./wpscan.rb --update
(...)
[!] plugins.json: checksums do not match (local: 3cc4734449619451769e1b2ad285477bbabb98110bf0b6ca5ee3fb7f256ae7366a60a9f9810a5733469eaa759a8d0134f2f728204e09b0c471ae0a87df6a5bf1 remote: cf77dc04cea85fb23b217ca773be782e48b54aa6da5ebceb4ba376feb6527e5d592a11603cca5d684a873e6ba69d146a3ba1cd072c701baa31f2aa86b61e5a99)

$ ./wpscan.rb --version
(...)
Current version: 2.9.1

firefart commented 8 years ago

@emiliomg can you please try again?

emiliomg commented 8 years ago

@FireFart Success, even with a freshly cloned wpscan!

$ ./wpscan.rb --update
(...)
[i] Updating the Database ...
[i] Update completed.

firefart commented 8 years ago

@tjankov @sunilsong are you guys still getting errors?

sunilsong commented 8 years ago

Working fine for me.

tyaakow commented 8 years ago

Was fixed for me when @FireFart (?) invalidated cache 6 days ago?

exploitprotocol commented 8 years ago

@ethicalhack3r @FireFart Still facing this issue. Any workaround ?

firefart commented 8 years ago

@exploitprotocol can you please provide the following information (all executed from the server failing to update):

curl 'https://data.wpscan.org/cdn-cgi/trace'
curl -s data.wpscan.org/plugins.json | sha512sum
curl -s data.wpscan.org/plugins.json.sha512
curl -s data.wpscan.org/themes.json | sha512sum
curl -s data.wpscan.org/themes.json.sha512

Thanks!

firefart commented 8 years ago

@exploitprotocol also: which version of wpscan are you running?

exploitprotocol commented 8 years ago

Hey @FireFart, sorry for the delay. Actually I was not facing this issue, this was with one of the PentestBox users. I am reporting on his behalf.

Here is the output:

C:\
curl -s data.wpscan.org/plugins.json | sha512sum
f031f4cff2d2e92cadb6f65f738b484abffa925010a9716c57862969f9bd98aec3a1c06cdd51500abbcf6de3d157780b39c8e4242337517e36881ee4a5f0aa33 *-

C:\
curl -s data.wpscan.org/plugins.json.sha512
f031f4cff2d2e92cadb6f65f738b484abffa925010a9716c57862969f9bd98aec3a1c06cdd51500abbcf6de3d157780b39c8e4242337517e36881ee4a5f0aa33

C:\
curl -s data.wpscan.org/themes.json | sha512sum
347af9f309a611f7648381cc04ab6198a1c20236f03748deb015888b88d9edd5426d0b0803ad605235c778cdea06bc8d247034f34686fff9221d8d663126abe4 *-

C:\
curl -s data.wpscan.org/themes.json.sha512
347af9f309a611f7648381cc04ab6198a1c20236f03748deb015888b88d9edd5426d0b0803ad605235c778cdea06bc8d247034f34686fff9221d8d663126abe4

Wordpress Version: 2.9.1

Thanks

firefart commented 8 years ago

@exploitprotocol so the caching issue does not exist any more for this user. But we are still in contact with Cloudflare because of an issue with their cache invalidation API.

van7hu commented 8 years ago

I have this problem today.

van7hu@van7hu-Inspiron-5458:~$ curl -s data.wpscan.org/plugins.json | shasum -a 512
2223008a3be2737599da6332f01cf54190754dcfc1d72fd2a0bb6de5782a18c1e55ba652f6c8f7dda21027dd0b40835cb2da6de1855390c19b7aed100fecb7b9  -
van7hu@van7hu-Inspiron-5458:~$ curl -s data.wpscan.org/plugins.json.sha512
cf55bb2019ffd51423413819ac2245520da79d0b9e12de5294dcb99e10fc261192486af8a90215327538488d02bb1cc059eb277b4f3329599c94d3a58810e1e3

firefart commented 8 years ago

@van7hu can you please post the output of

curl 'https://data.wpscan.org/cdn-cgi/trace'

? This is the info the guys over at Cloudflare need to investigate this issue.

aaroncrawford commented 8 years ago

@FireFart I'm receiving the checksum error as well when I try to update. Same file - plugins.json. Here's the output of the curl :

fl=15f71
h=data.wpscan.org
ip=2601:2c5:c300:18:2ccf:ca90:47cf:ff67
ts=1469911040.177
visit_scheme=https
uag=curl/7.47.0
colo=DFW
spdy=off
http=http/1.1
loc=US

Thanks for looking into it.

firefart commented 8 years ago

@aaroncrawford @van7hu can you create a HAR file for this file on this server? (https://support.cloudflare.com/hc/en-us/articles/203118044-How-do-I-generate-a-HAR-file-) For both files: https://data.wpscan.org/plugins.json https://data.wpscan.org/plugins.json.sha512

aaroncrawford commented 8 years ago

Sure, here you go.

har.zip

firefart commented 8 years ago

@aaroncrawford interesting....the har file says

"text": "<html>\n<head><title>403 Forbidden</title></head>\n<body>\n<h1>403 Forbidden</h1>\n<ul>\n<li>Code: AccessDenied</li>\n<li>Message: Access Denied</li>\n<li>RequestId: 3BA278190FA9ECCE</li>\n<li>HostId: T6xmhohb6/ivL/Uj0njjNqpSsZwdP4cWXAtCRKZGYc+gLz2mD7yLJRrA15X/P1DSG9UVweCNHNM=</li>\n</ul>\n<hr/>\n</body>\n</html>\n"

The link you called is correct, so it seems like there is an access issue. Are you able to access the file in your browser and view the contents?
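
Added example (not part of the thread and not WPScan's own code): the manual check requested earlier (hash the data file, compare it with the published `.sha512`, attach the `cdn-cgi/trace` fields) as one Ruby routine that also separates a plain mismatch from the case seen in the HAR file, where the body is an HTML error page. The function names, status symbols and sample inputs are assumptions constructed for illustration.

```ruby
require 'digest'

# Constructed /cdn-cgi/trace response (placeholder values, not from the thread).
SAMPLE_TRACE = <<~TRACE
  fl=00f00
  h=data.example.test
  ip=192.0.2.10
  ts=1470000000.000
  visit_scheme=https
  uag=curl/7.47.0
  colo=XXX
  spdy=off
  http=http/1.1
  loc=ZZ
TRACE

# Constructed error body in the shape of the 403 page found in the HAR file.
SAMPLE_ERROR_PAGE = "<html>\n<head><title>403 Forbidden</title></head>\n" \
                    "<body>\n<h1>403 Forbidden</h1>\n</body>\n</html>\n"

# Turn the trace's "key=value" lines into a Hash.
def parse_trace(text)
  text.each_line.map { |l| l.strip.split('=', 2) }.select { |p| p.size == 2 }.to_h
end

# Accept "HASH", "HASH  -" or "HASH *-" (sha512sum / shasum output) in any
# case. Returns nil unless the first token is exactly 128 hex characters.
def normalise_checksum(text)
  token = text.to_s.strip.split(/\s+/).first.to_s.downcase
  token.match?(/\A[0-9a-f]{128}\z/) ? token : nil
end

# True when the "data file" is really an HTML page (e.g. a 403 from the origin).
def html_error?(body)
  body.lstrip[0, 20].to_s.downcase.start_with?('<html', '<!doctype')
end

# Compare a downloaded body with the published checksum and attach the
# edge location fields (colo, loc) that were asked for in the thread.
def check_download(body, published, trace_text)
  local = Digest::SHA512.hexdigest(body)
  remote = normalise_checksum(published)
  status = if remote.nil? then :bad_checksum_file
           elsif local == remote then :ok
           elsif html_error?(body) then :error_page
           else :mismatch
           end
  trace = parse_trace(trace_text)
  { status: status, local: local, remote: remote, colo: trace['colo'], loc: trace['loc'] }
end

if __FILE__ == $PROGRAM_NAME
  body = '{"example-plugin":{"latest_version":"1.0"}}' # constructed data file
  sum = Digest::SHA512.hexdigest(body)
  [[body, "#{sum}  -\n"], [body + ' ', sum], [SAMPLE_ERROR_PAGE, sum]].each do |b, s|
    r = check_download(b, s, SAMPLE_TRACE)
    puts "#{r[:status]} colo=#{r[:colo]} loc=#{r[:loc]}"
  end
end
```

A `:bad_checksum_file` result means the `.sha512` response itself was not a hash, which is worth checking before assuming the data file is the stale one.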

aaroncrawford commented 8 years ago

Ya - here are the files that I see.

http://d.pr/f/n9wm http://d.pr/f/aBU

On Mon, Aug 1, 2016 at 3:50 PM, Christian Mehlmauer < notifications@github.com> wrote:

@aaroncrawford https://github.com/aaroncrawford interesting....the har file says

"text": "<html>\n<head><title>403 Forbidden</title></head>\n<body>\n<h1>403 Forbidden</h1>\n<ul>\n<li>Code: AccessDenied</li>\n<li>Message: Access Denied</li>\n<li>RequestId: 3BA278190FA9ECCE</li>\n<li>HostId: T6xmhohb6/ivL/Uj0njjNqpSsZwdP4cWXAtCRKZGYc+gLz2mD7yLJRrA15X/P1DSG9UVweCNHNM=</li>\n</ul>\n<hr/>\n</body>\n</html>\n"

The link you called is correct, so it seems like there is an access issue. Are you able to access the file in your browser and view the contents?


firefart commented 8 years ago

@aaroncrawford @van7hu @exploitprotocol @tjankov @sunilsong @emiliomg @Stumpftopf are you guys still getting caching errors or has it stopped?

Stumpftopf commented 8 years ago

@FireFart It seems to work:

[i] Updating the Database ...
[+] Checking local_vulnerable_files.xml
[i] Already Up-To-Date
[+] Checking local_vulnerable_files.xsd
[i] Already Up-To-Date
[+] Checking timthumbs.txt
[i] Already Up-To-Date
[+] Checking user-agents.txt
[i] Already Up-To-Date
[+] Checking wp_versions.xml
[i] Already Up-To-Date
[+] Checking wp_versions.xsd
[i] Already Up-To-Date
[+] Checking wordpresses.json
[i] Already Up-To-Date
[+] Checking plugins.json
[i] Already Up-To-Date
[+] Checking themes.json
[i] Already Up-To-Date
[+] Checking LICENSE
[i] Already Up-To-Date
[i] Update completed.

mauricejohn commented 8 years ago

    __          _______   _____                  
    \ \        / /  __ \ / ____|                 
     \ \  /\  / /| |__) | (___   ___  __ _ _ __  
      \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
       \  /\  /  | |     ____) | (__| (_| | | | |
        \/  \/   |_|    |_____/ \___|\__,_|_| |_|

    WordPress Security Scanner by the WPScan Team 
                   Version 2.9.1
      Sponsored by Sucuri - https://sucuri.net

@WPScan, @ethicalhack3r, @erwan_lr, pvdl, @FireFart


[i] It seems like you have not updated the database for some time.
[?] Do you want to update now? [Y]es [N]o [A]bort, default: [N]Y
[i] Updating the Database ...

[!] themes.json: checksums do not match (local: 30cd13897fc29d9fda9e81a99645257fa87f405e47c52bc42b9acbf1038e5fd597b23d612b829cdd9685717cc6ee39904e025e579e708872f3a83b9b420a4a22 remote: 4bc42a67ece8bec75c3f01281eb655185f389104182341e193bd951cd4744bb07ec277ddc34d0b6f20660a8b7b1b43b9eeb1f3b87aa5473cbe3770e4eac6d1e2)

xloader commented 8 years ago

plugins.json: checksums do not match (local: 1c16eb0c6268285bc90996bed12d285ba6cba5467d6a3ebc5018269097012038d3121bc4565ae0603b2c6de8d22d1728db3e29fc8ec647e4d2fd91641d8d2c2d remote: fb2adea543e3c0c2b6fc356634c9cf551b8aeb03a5491ca5048c4b6f5ec38099b08e48275f06b9c1bb564d5131538f4e4a2e8417225362b3719de0ae93042707)

firefart commented 8 years ago

@xloader if you are using the latest github version, it would be great if you can update and try again. I implemented some additional output when a checksum error occurs.

mauricejohn commented 8 years ago

Good day,

After a few retries the database updated.

s4n7h0 commented 8 years ago

@ethicalhack3r @FireFart I'm using the latest clone from github and getting following error

[!] plugins.json: checksums do not match (local: cebb95092bc0441c248cf132149a85dff5f5dc8a773db674a4a6d8397e7a6199a29d29bad44788137c8676b95c7fd28139e8eceeb0b1fa3de93d1818204e6bf6 remote: 44cfc9a64e9f8c871d4821ff2285b7f48252e096a336d799b2ba11ad3974d846b4a1a4f0be7fd3695903c3ba2e36ef408fdc8bec18356830892dc09dbd912d13)
[!] Downloaded File Content:
{"theme-my-login":{"latest_version":"6.4.5","last_updated":"2016-05-22T00:23:00.000Z","popular":true,"vulnerabilities":[{"id":6043,"title":"Theme My Login 6.3.9 - Local File Inclusion","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2015-05-15T13:47:24.000Z","published_date":null,"references":{"url":["http://packetstormsecurity.com/files/127302/","http://seclists.org/fulldisclosure/2014/Jun/172","http://www.securityfocus.com/bid/68254/","https://security.dxw.com/advisories/lfi-in-theme-my-l
.........

[!] Cloudflare Info:
fl=35f47
h=data.wpscan.org
ip=[--cropped--]
ts=1471326241.011
visit_scheme=https
uag=WPScan v2.9.1 (http://wpscan.org)
colo=SIN
spdy=off
http=http/1.1
loc=[--cropped--]

firefart commented 8 years ago

@s4n7h0 thanks. The cloudflare info is essential for Cloudflare to track down the caching issue. Could you please at least provide the LOC Parameter? You could also send the whole output to team [at] wpscan [dot] org

Thanks

s4n7h0 commented 8 years ago

@FireFart Interesting. When I use scanning options --url the above error happened. But when I explicitly used --update, it's updated with no errors.

firefart commented 8 years ago

@s4n7h0 because there are caching issues on our CDN. That's why we need the additional info when a caching error happened.

backendfrenchninja commented 8 years ago

I get a problem when I try to update wpscan from a fresh install made on macOS, can you help me? (install made from github clone)

[i] Updating the Database ...
[!] plugins.json: checksums do not match (local: cebb95092bc0441c248cf132149a85dff5f5dc8a773db674a4a6d8397e7a6199a29d29bad44788137c8676b95c7fd28139e8eceeb0b1fa3de93d1818204e6bf6 remote: 44cfc9a64e9f8c871d4821ff2285b7f48252e096a336d799b2ba11ad3974d846b4a1a4f0be7fd3695903c3ba2e36ef408fdc8bec18356830892dc09dbd912d13)
[!] Downloaded File Content:
{"theme-my-login":{"latest_version":"6.4.5","last_updated":"2016-05-22T00:23:00.000Z","popular":true,"vulnerabilities":[{"id":6043,"title":"Theme My Login 6.3.9 - Local File Inclusion","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2015-05-15T13:47:24.000Z","published_date":null,"references":{"url":["http://packetstormsecurity.com/files/127302/","http://seclists.org/fulldisclosure/2014/Jun/172","http://www.securityfocus.com/bid/68254/","https://security.dxw.com/advisories/lfi-in-theme-my-l
.........

[!] Cloudflare Info:
fl=35f25
h=data.wpscan.org
ip=119.42.67.155
ts=1471337978.453
visit_scheme=https
uag=WPScan v2.9.1 (http://wpscan.org)
colo=SIN
spdy=off
http=http/1.1
loc=TH

[!] Please submit this info as an Github issue

modelm commented 8 years ago

Another case of the same problem (latest revision from github manual install):

[i] Updating the Database ...
[!] themes.json: checksums do not match (local: 62965de146bbde6ac85ee8cd4b95108c7313d55f06734df53c347ea777d72ffc72e448677545e25b8983e106b65fc46919dd4a8542a8e7814e6241979bb4d0c7 remote: a573c8b018eb07f034d02247e6781e3843ab22817950b55ecff9f94d60ce2412e97dada63e71300ce56eda7d036bb3725c8418050c7fe69ee2388e50078970d3)
[!] Downloaded File Content:
{"crius":{"latest_version":null,"last_updated":null,"popular":false,"vulnerabilities":[{"id":7306,"title":"Crius - VideoJS Cross-Site Scripting ","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2015-05-15T13:48:44.000Z","published_date":null,"references":{"url":["http://seclists.org/fulldisclosure/2013/May/77"],"secunia":["53427"]},"vuln_type":"XSS","fixed_in":null}]},"source":{"latest_version":null,"last_updated":null,"popular":false,"vulnerabilities":[{"id":7307,"title":"Source - VideoJS 
.........

[!] Cloudflare Info:
fl=16f9
h=data.wpscan.org
ip=54.173.49.158
ts=1471626188.536
visit_scheme=https
uag=WPScan v2.9.1 (http://wpscan.org)
colo=IAD
spdy=off
http=http/1.1
loc=US

[!] Please submit this info as an Github issue

firefart commented 8 years ago

@modelm thx, I forwarded the info to Cloudflare. Is the machine having problems behind a proxy server or is it connected directly to the internet?

albarki commented 8 years ago

Same error here, CentOS6 fresh manual install, last version from github

[i] Updating the Database ...
[!] themes.json: checksums do not match (local: eaa91a87119342c020ed2ca136edd08715ee36492fac260bd4cbed84de4b82163b8cfa38d691dad96c880a8134b69021295ee764910e5ae3b784b84397eea5da remote: e397990628de622d18915d0895c74899524e49da3debc85acbe8bd796fffa6e9a0d304290ea61bdbfa132f5a2f16f3f3ff026b3841613a3b5909c0c96017ca97)
[!] Downloaded File Content:
{"crius":{"latest_version":null,"last_updated":null,"popular":false,"vulnerabilities":[{"id":7306,"title":"Crius - VideoJS Cross-Site Scripting ","created_at":"2014-08-01T10:59:16.000Z","updated_at":"2015-05-15T13:48:44.000Z","published_date":null,"references":{"url":["http://seclists.org/fulldisclosure/2013/May/77"],"secunia":["53427"]},"vuln_type":"XSS","fixed_in":null}]},"source":{"latest_version":null,"last_updated":null,"popular":false,"vulnerabilities":[{"id":7307,"title":"Source - VideoJS 
.........

[!] Cloudflare Info:
fl=71f84
h=data.wpscan.org
ip=2a01:4f8:130:246e::2
ts=1471875424.753
visit_scheme=https
uag=WPScan v2.9.1 (http://wpscan.org)
colo=FRA
spdy=off
http=http/1.1
loc=DE

[!] Please submit this info as an Github issue

modelm commented 8 years ago

@FireFart that machine is directly connected, no proxy, other network connections working fine

firefart commented 8 years ago

@modelm @albarki are you guys still getting the caching errors?

modelm commented 8 years ago

Nope, works ok for me now.

albarki commented 8 years ago

@FireFart No, it is working now, thanks

CounterForce commented 8 years ago

I have the exact same issue. I'm working on a Kali Linux in Virtual Box. I tried to uninstall everything from WPscan from Kali and reinstalling it again but it doesn't fix the issue.

root@kali:/opt/wpscan# ./wpscan.rb --update


    __          _______   _____                  
    \ \        / /  __ \ / ____|                 
     \ \  /\  / /| |__) | (___   ___  __ _ _ __  
      \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
       \  /\  /  | |     ____) | (__| (_| | | | |
        \/  \/   |_|    |_____/ \___|\__,_|_| |_|

    WordPress Security Scanner by the WPScan Team 
                   Version 2.9.1
      Sponsored by Sucuri - https://sucuri.net

@WPScan, @ethicalhack3r, @erwan_lr, pvdl, @FireFart


[i] Updating the Database ...
[!] wp_versions.xml: checksums do not match (local: 0a43a016b35cda1f1d2c9527999aae33996955501d1350479412f60e70de67f61c5a3b706d2300afe53b2cc493ed9dbdad276232e526466bf3285df360337516 remote: b79a6fd8b7537233f62e282d3dc49f279aa0309dd874dad9562f538593e84e2921452ee5177618f05cfb25f6a432fd3533b22dd225db8809cf87b14c896ef6e9)
[!] Downloaded File Content:
<?xml version="1.0" encoding="UTF-8"?>
<wp-versions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="wp_versions.xsd">
4.5.2
.........

[!] Cloudflare Info:
fl=78f1
h=data.wpscan.org
ip=2a02:1810:3601:be00:6d93:86c3:e00d:8866
ts=1473092827.297
visit_scheme=https
uag=WPScan v2.9.1 (http://wpscan.org)
colo=BRU
spdy=off
http=http/1.1
loc=BE

[!] Please submit this info as an Github issue
root@kali:/opt/wpscan# curl 'https://data.wpscan.org/cdn-cgi/trace'
fl=78f7
h=data.wpscan.org
ip=2a02:1810:3601:be00:6d93:86c3:e00d:8866
ts=1473092897.736
visit_scheme=https
uag=curl/7.50.1
colo=BRU
spdy=h2
http=h2
loc=BE
root@kali:/opt/wpscan# curl -s data.wpscan.org/plugins.json | sha512sum
c92b901cb5e9f54b8ca848c7532dbf3d18b3049a85c6518788e5d3e5a0f3e20e9a67b2ea91d8e5e7f3f80e1cb72582c4f6ac05fb691355f3d00f278589462ae2  -
root@kali:/opt/wpscan# curl -s data.wpscan.org/plugins.json.sha512
c92b901cb5e9f54b8ca848c7532dbf3d18b3049a85c6518788e5d3e5a0f3e20e9a67b2ea91d8e5e7f3f80e1cb72582c4f6ac05fb691355f3d00f278589462ae2
root@kali:/opt/wpscan# curl -s data.wpscan.org/themes.json | sha512sum
5c45b0ca74deb1c87b42250cf8e7507b1e0c1395068542467d5e0e52bf05e429cd5b124ac08fdbe71aab55849837163995d2289ae86a0541c62f6ee706cd9bac  -
root@kali:/opt/wpscan# curl -s data.wpscan.org/themes.json.sha512
5c45b0ca74deb1c87b42250cf8e7507b1e0c1395068542467d5e0e52bf05e429cd5b124ac08fdbe71aab55849837163995d2289ae86a0541c62f6ee706cd9bac

firefart commented 8 years ago

thx @CounterForce ! I forwarded the info to the cloudflare team

viki060892 commented 8 years ago

Hi sir, I have faced this error when updating wpscan: local_vulnerable_files.xml: checksums do not match