Ryan Dewhurst
Traditionally we have not supported scanning sites hosted on wordpress.com. However, Business plan users are able to install their own plugins, which cause a risk. Maybe we should look into...
It would be cool if WPScan output whether a PoC exists or not for a given vulnerability.
THESE ARE BREAKING CHANGES **Change 1** Currently we run a bunch of things when supplying no arguments. The proposed change would not run anything when no arguments are supplied, and...
Currently, when enumeration (plugins, themes, etc) has completed we output the findings. This method is fine when only enumerating themes, or vulnerable plugins, as they don't take much time. However,...
Currently, not all of wpscan's features are well documented. Some are not documented at all, such as wp-config.php backup disclosure. Would be cool to create a WordPress install with docker...
Getting a ```Net::ReadTimeout``` error on macOS running arachni-1.5-0.5.11. Full error log: https://gist.github.com/ethicalhack3r/3bf395dfdbb3fae9cd13a14c977fcd7c /etc/hosts file has this entry: ``` 127.0.0.1 mywordpress.com ``` I can access mywordpress.com from a browser no problem....
Hi, It seems that when $_SERVER['REQUEST_URI'] or similar is used AND the web server is configured to return custom error pages (including 200 statuses), Spidr ends up in an infinite...
Hi there, I was wondering if it would be possible to multithread the spidr gem? I don't know much about multithreading in ruby, but I believe only Ruby 1.9.x is...
Hi, To have up to date vulnerabilities within this tool, can you add support for WPVulnDB API v3, please? API Docs: https://wpvulndb.com/api Users will need to register and use their...
Hi! After we release WPScan CLI version 3.7.0, expected in the next few weeks, we will be restricting direct access to the full database files after 3 months. After 3...