wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
https://wpscan.com/wordpress-cli-scanner

wpscan --update (checksums do not match) #958

Closed sunilsong closed 8 years ago

sunilsong commented 8 years ago

themes.json: checksums do not match (local: c87e53e4888d734ea98c5987f95fe1a26725ccdd42d97b86172d2b116643bc753910e378f5e5d0de64034ef27ff90b9d026602c8fbd477260e83d33ce4915590 remote: 046df8e68d1843aadb1134e3a0ffbe48e0348d36a683a615c92d75eb66fddd5e09be11946919375d5f5e99a290719a9860859e2bf47d6b35c432ddaeb4a4e6af) I am using ruby version 2.3.1.

johnmckinght commented 8 years ago

I have the same problem with Kali Linux 2.0 Light

root@w00t20-l:~# cat /etc/issue.net
Kali GNU/Linux 2.0
root@w00t20-l:~# lsb_release -a
No LSB modules are available.
Distributor ID: Kali
Description:    Kali GNU/Linux 2.0
Release:    2.0
Codename:   sana

verbose results while trying to update

root@w00t20-l:~# wpscan --update --verbose
_______________________________________________________________
        __          _______   _____                  
        \ \        / /  __ \ / ____|                 
         \ \  /\  / /| |__) | (___   ___  __ _ _ __  
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team 
                       Version 2.8
          Sponsored by Sucuri - https://sucuri.net
   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________

[i] Updating the Database ...
[+] Checking local_vulnerable_files.xml
  [i] Needs to be updated
  [i] Backup Created
  [i] Downloading new file
  [i] Downloaded File Checksum: d9075b1f50ded87611d6eef70b2f08e2bdd21ef0eceaeaaff26aa23cbe00731009ccfdf1166eac4537eeb10d83050501222e6cdc3e5fc28daf430ef84156b27b
  [i] Database File Checksum  : �   �@K
����v7���c8������G�.�Lf�jd�u�&�׽�"�>n�,�<��!���i�o���c��#��~�σ�
  [i] Restoring Backup due to error
  [i] Deleting Backup

[!] local_vulnerable_files.xml: checksums do not match
[!] Trace:
[!] /usr/share/wpscan/lib/common/db_updater.rb:102:in `block in update'
/usr/share/wpscan/lib/common/db_updater.rb:82:in `each'
/usr/share/wpscan/lib/common/db_updater.rb:82:in `update'
./wpscan.rb:73:in `main'
./wpscan.rb:443:in `<main>'

@FireFart is there any doc for the docker version? Can you point me to it? I would like to try that, it's been a while since I used wpscan. Thank you

johnmckinght commented 8 years ago

btw I was able to use wpscan now. I was following the docker installation steps until bundle install --without test

wpscan@w00t20-l:~/wpscan$ bundle install --without test
Fetching gem metadata from https://rubygems.org/...........
Fetching version metadata from https://rubygems.org/.
Resolving dependencies...
Installing addressable 2.4.0
Installing ffi 1.9.14 with native extensions
Installing mini_portile2 2.1.0
Installing pkg-config 1.1.7
Installing ruby-progressbar 1.8.1
Installing unicode-display_width 1.1.1
Installing yajl-ruby 1.2.1 with native extensions
Using bundler 1.13.1
Installing ethon 0.9.1
Installing nokogiri 1.6.8 with native extensions
Installing terminal-table 1.7.2
Installing typhoeus 1.1.0
Bundle complete! 10 Gemfile dependencies, 12 gems now installed.
Gems in the group test were not installed.
Use `bundle show [gemname]` to see where a bundled gem is installed.

updating database

wpscan@w00t20-l:~/wpscan$ ./wpscan.rb --update
_______________________________________________________________
        __          _______   _____                  
        \ \        / /  __ \ / ____|                 
         \ \  /\  / /| |__) | (___   ___  __ _ _ __  
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team 
                       Version 2.9.1
          Sponsored by Sucuri - https://sucuri.net
   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________

[i] Updating the Database ...
[i] Update completed.

3n1gma30 commented 7 years ago

    __          _______   _____                  
    \ \        / /  __ \ / ____|                 
     \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
      \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
       \  /\  /  | |     ____) | (__| (_| | | | |
        \/  \/   |_|    |_____/ \___|\__,_|_| |_|

    WordPress Security Scanner by the WPScan Team 
                   Version 2.9.2
      Sponsored by Sucuri - https://sucuri.net

@WPScan, @ethicalhack3r, @erwan_lr, pvdl, @FireFart


[i] Updating the Database ...
[!] plugins.json: checksums do not match (local: c50f51f7f4cf75584a8d1474029a79cc64af0b2f279f5c9a39fa974db4dadb3bfb4e90240bd285a376db9bbaeafc357cc17f322125b78df7a427cdd8d710c4dc remote: 9950409d87fa1b749018035e67d39494720600fe6f630e56afa8c7d5c25990927faacee39bb874a915630a8035d4a8457dc9974248b23262bb0a5c597ff12cf3)
[!] Downloaded File Content: {"theme-my-login":{"latest_version":"6.4.6","last_updated":"2016-10-22T19:14:00.000Z","popular":true,"vulnerabilities":[{"id":6043,"title":"Theme My Login 6.3.9 - Local File Inclusion","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2015-05-15T13:47:24.000Z","published_date":null,"references":{"url":["http://packetstormsecurity.com/files/127302/","http://seclists.org/fulldisclosure/2014/Jun/172","http://www.securityfocus.com/bid/68254/","https://security.dxw.com/advisories/lfi-in-theme-my-l .........

[!] Please submit this info as an Github issue
d0c@Universe:~$

Issue is still here. I've tried to update like 5 times now same issue.

firefart commented 7 years ago

@3n1gma30 According to the time you posted this issue I think I know the problem. This is the time we daily regenerate the json files and need to invalidate them on our CDN which can last a few minutes. So I think you might have run into this short timeframe. If you try to update again, it should update.

tunechi1 commented 7 years ago

can anyone help on this:

[i] Updating the Database ...
[!] plugins.json: checksums do not match (local: 9695c8a1f7008ba0cd543572fab2caff47e24c822f70a8b3b8eda9d2cc478656aea99c8e3d5b976b4ecd6ba1d663328629f93b1313d02a59f1640013794bbeef remote: 0d7a9491de7fceeb476fd38b3f7361c373750a25c749430b367a1070bd6db9250d1b0f18c6b43e798c3ab609b20a1a6e486ceda544c78f5bae369cc32fb519fd)
[!] Downloaded File Content: {"theme-my-login":{"latest_version":"6.4.9","last_updated":"2017-02-19T22:49:00.000Z","popular":true,"vulnerabilities":[{"id":6043,"title":"Theme My Login 6.3.9 - Local File Inclusion","created_at":"2014-08-01T10:58:35.000Z","updated_at":"2015-05-15T13:47:24.000Z","published_date":null,"references":{"url":["http://packetstormsecurity.com/files/127302/","http://seclists.org/fulldisclosure/2014/Jun/172","http://www.securityfocus.com/bid/68254/","https://security.dxw.com/advisories/lfi-in-theme-my-l .........

[!] Some hints to help you with this issue:
[!] -) Try updating again
[!] -) If you see SSL/TLS related error messages you have to fix your local TLS setup

firefart commented 7 years ago

@tunechi1 Please try updating again. If you are using the github or the docker version there should now be improved output on errors

tunechi1 commented 7 years ago

Please help me with this issue "[i] Updating the Database ... [!] Unable to get https://data.wpscan.org/plugins.json (Timeout was reached)"

root@tunechi:~# cat /etc/release
DISTRIB_ID=Kali
DISTRIB_RELEASE=kali-rolling
DISTRIB_CODENAME=kali-rolling
DISTRIB_DESCRIPTION="Kali GNU/Linux Rolling"
PRETTY_NAME="Kali GNU/Linux Rolling"
NAME="Kali GNU/Linux"
ID=kali
VERSION="2017.1"
VERSION_ID="2017.1"
ID_LIKE=debian
ANSI_COLOR="1;31"
HOME_URL="http://www.kali.org/"
SUPPORT_URL="http://forums.kali.org/"
BUG_REPORT_URL="http://bugs.kali.org/"
root@tunechi:~# openssl version
OpenSSL 1.1.0f 25 May 2017

firefart commented 7 years ago

@tunechi1 see #1118. It's not helpful if you open multiple issues for the same problem.

tunechi1 commented 7 years ago

I'm sorry, I should've waited... was not getting any response, that's why I opened that one too. I'm very sorry

Danish22 commented 7 years ago

@FireFart Hi, the issue is appearing again. wordpress.json: checksums do not match

Download File Content virtualbox_kali linux_29_09_2017_12_10_49

firefart commented 7 years ago

We are currently aware of the caching issue (it takes several hours to invalidate the cache) and investigating the issue with our CDN provider

Danish22 commented 7 years ago

Okay Thanks

tengshoujian commented 6 years ago

@FireFart Hi, how can I resolve the problem?

root@kali:/usr/share/wpscan# ./wpscan.rb --update


    __          _______   _____                  
    \ \        / /  __ \ / ____|                 
     \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
      \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
       \  /\  /  | |     ____) | (__| (_| | | | |
        \/  \/   |_|    |_____/ \___|\__,_|_| |_|

    WordPress Security Scanner by the WPScan Team 
                   Version 2.9.3
      Sponsored by Sucuri - https://sucuri.net

@WPScan, @ethicalhack3r, @erwan_lr, pvdl, @FireFart


[i] Updating the Database ...
[!] wordpresses.json: checksums do not match (local: 4a6e83e524b0bcb735b8a00923eb5af4c0389eebd6c0341abe2c98be7ea9228a3e409074d831b2f44b89f74e7113ec68d2412bbddf4c5728b22df71ae2066021 remote: 5c8c245214905c65946ca275102a202dcc46e8d8470124d3bad14b4bf279caebaefc71057d65ac1e58944a0dccf2282a74da57e9c445d88d0bfc983ef9f1b29c)
[!] Downloaded File Content: {"3.8.1":{"release_date":"2014-01-23","changelog_url":"https://codex.wordpress.org/Version_3.8.1","vulnerabilities":[{"id":5963,"title":"WordPress 1.0 - 3.8.1 administrator exploitable blind SQLi","created_at":"2014-08-01T10:58:19.000Z","updated_at":"2015-05-15T13:47:19.000Z","published_date":null,"references":{"url":["https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/"]},"vuln_type":"SQLI","fixed_in":null},{"id":5964,"title":"WordPress 3.7.1 \u0026 3.8.1 Potential Authentication Cookie .........

[!] Some hints to help you with this issue:
[!] -) Try updating again
[!] -) If you see SSL/TLS related error messages you have to fix your local TLS setup
[!] -) Windows is still not supported

firefart commented 6 years ago

[!] Some hints to help you with this issue:
[!] -) Try updating again
[!] -) If you see SSL/TLS related error messages you have to fix your local TLS setup
[!] -) Windows is still not supported

moisesfaponte commented 6 years ago

Hi. I've been having this error since yesterday. I uninstalled and reinstalled wpscan but it continues with outdated databases and it does not allow me to work.


    \ \        / /  __ \ / ____|                 
     \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
      \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
       \  /\  /  | |     ____) | (__| (_| | | | |
        \/  \/   |_|    |_____/ \___|\__,_|_| |_|

    WordPress Security Scanner by the WPScan Team 
                   Version 2.9.4
      Sponsored by Sucuri - https://sucuri.net
  @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_

[i] Updating the Database ...
[+] Checking: local_vulnerable_files.xml
  [i] Already Up-To-Date
[+] Checking: local_vulnerable_files.xsd
  [i] Already Up-To-Date
[+] Checking: timthumbs.txt
  [i] Already Up-To-Date
[+] Checking: user-agents.txt
  [i] Already Up-To-Date
[+] Checking: wp_versions.xml
  [i] Already Up-To-Date
[+] Checking: wp_versions.xsd
  [i] Already Up-To-Date
[+] Checking: wordpresses.json
  [i] Already Up-To-Date
[+] Checking: plugins.json
  [i] Needs to be updated
  [i] Backup Created
  [i] Downloading new file: https://data.wpscan.org/plugins.json
  [i] Restoring Backup due to error
  [i] Deleting Backup

[!] Unable to get https://data.wpscan.org/plugins.json (Timeout was reached)
[!] Trace:
[!] /usr/share/wpscan/lib/common/db_updater.rb:82:in `download'
/usr/share/wpscan/lib/common/db_updater.rb:104:in `block in update'
/usr/share/wpscan/lib/common/db_updater.rb:89:in `each'
/usr/share/wpscan/lib/common/db_updater.rb:89:in `update'
./wpscan.rb:123:in `main'
./wpscan.rb:626:in `<main>'

thanks in advance for help

w0yun commented 4 years ago

root@kali:/var/www/html/wpscan# wpscan --update


    __          _______   _____                  
    \ \        / /  __ \ / ____|                 
     \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
      \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
       \  /\  /  | |     ____) | (__| (_| | | | |
        \/  \/   |_|    |_____/ \___|\__,_|_| |_|

    WordPress Security Scanner by the WPScan Team 
                   Version 2.9.4
      Sponsored by Sucuri - https://sucuri.net
  @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_

[i] Updating the Database ...
[!] local_vulnerable_files.xml: checksums do not match (local: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e remote: )
[!] Current Version: 2.9.4
[!] Downloaded File Content:

.........

[!] Some hints to help you with this issue:
[!] -) Try updating again using --verbose
[!] -) If you see SSL/TLS related error messages you have to fix your local TLS setup
[!] -) Windows is still not supported
root@kali:/var/www/html/wpscan# curl 'https://wpscan.org/cdn-cgi/trace'
fl=28f254
h=wpscan.org
ip=115.183.12.246
ts=1584760223.5
visit_scheme=https
uag=curl/7.60.0
colo=SEA
http=http/2
loc=CN
tls=TLSv1.2
sni=plaintext
warp=off
root@kali:/var/www/html/wpscan# curl -s wpscan.org/plugins.json | sha512sum
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e -
root@kali:/var/www/html/wpscan# curl -s wpscan.org/plugins.json.sha512
root@kali:/var/www/html/wpscan# curl -s wpscan.org/themes.json | sha512sum
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e -
root@kali:/var/www/html/wpscan# curl -s wpscan.org/themes.json.sha512
root@kali:/var/www/html/wpscan#

How do I solve this problem????
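
Added example, not part of the thread or of WPScan's code: the `local:` value in the output above is the SHA-512 of zero bytes, meaning the downloaded body was empty. The shell function below (the name `diagnose_checksum` and its result labels are made up here) classifies a failed comparison, given a data file and its `.sha512` companion already saved to disk.

```shell
#!/bin/sh
# Added example: explain why "checksums do not match" was reported.
# Usage (files saved beforehand): diagnose_checksum plugins.json plugins.json.sha512

# SHA-512 of zero bytes. Seeing it as the local value means nothing was downloaded.
EMPTY_SHA512=cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

# Prints one of: ok, empty-download, empty-checksum, bad-checksum, mismatch
diagnose_checksum() {
    data_file=$1
    sum_file=$2

    local_sum=$(sha512sum < "$data_file" | cut -d' ' -f1)
    if [ "$local_sum" = "$EMPTY_SHA512" ]; then
        echo empty-download      # body was empty (blocked, redirected, timed out)
        return 0
    fi
    if [ ! -s "$sum_file" ]; then
        echo empty-checksum      # shown in the tool output as "remote: )"
        return 0
    fi

    # First field of the first line, CR stripped, hex digits lowercased.
    remote_sum=$(LC_ALL=C awk 'NR==1 {print $1}' "$sum_file" \
        | LC_ALL=C tr -d '\r' | LC_ALL=C tr 'A-F' 'a-f')

    # A SHA-512 digest is exactly 128 hex characters; anything else is not a digest.
    if ! printf '%s\n' "$remote_sum" | LC_ALL=C grep -Eq '^[0-9a-f]{128}$'; then
        echo bad-checksum        # e.g. binary or HTML returned instead of a digest
        return 0
    fi

    if [ "$local_sum" = "$remote_sum" ]; then
        echo ok
    else
        echo mismatch            # two well-formed digests that differ
    fi
}

# Constructed demo: an empty file stands in for an empty download body.
demo=$(mktemp)
diagnose_checksum "$demo" "$demo"   # prints: empty-download
rm -f "$demo"
```

A `mismatch` result with two well-formed digests is the case the maintainer attributes to CDN cache invalidation in this thread; the other results point to a transport or local problem rather than stale data.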

w0yun commented 4 years ago

root@kali:/var/www/html# wpscan --disable-tls-checks

firefart commented 4 years ago

You need to update your wpscan installation: https://blog.wpscan.org/wpscan/deprecation/2019/11/25/old-wpscan-deprecation.html