Detect too many 4xx and/or 5xx HTTP error codes

Open Techbrunch opened this issue 2 years ago • 2 comments

I ran into this issue today where WPScan would not return meaningful results without apparent reason.

After investigation it was because of two issues:

  • The website was losing connection to the database after a lot of requests
  • There was some rate limiting / WAF setup at the host provider

Technically the behavior was the following:

  • A 500 error when WordPress could not reach the database (Error establishing a database connection)
  • A 429 when there were too many requests

I was able to work around those issues with a combination of using --throttle and setting a custom user-agent using --ua.

Ideally wpscan would detect that something unusual is going on and would warn the user.

One way to do that would be to trigger an error message when there are too many 4XX and 5XX error codes like it is done in sqlmap: https://github.com/sqlmapproject/sqlmap/blob/519c0ac01ba0efb82b688ba2381e9e909127985a/lib/core/common.py#L3704

Techbrunch • Jan 05 '22 14:01

Triggering an error message in such a case would be a very bad idea, as during enumeration there are usually a lot of 404s.

What could be done is maybe display a list of the 5 most received status codes at the end of the scan (along with the number of requests done, for example).

Something like:

[+] Requests Done: 185
[+] Most Response codes received: 200: 100, 429: 50, 500: 30, 404: 5

Would that work for you? (if you have any other ideas for the output format, or text, please share :))

erwanlr • Jan 05 '22 14:01

Good point for the 404, this one should definitely not trigger a warning, but if there are no other cases I would just add the 404 as an exception.

I would still add a line if there are any 4xx or 5xx errors except for 404.

[+] Requests Done: 185
[+] Most Response codes received: 200: 100, 429: 50, 500: 30, 404: 5
[+] Too many 4xx and/or 5xx HTTP error codes could mean that some kind of protection is involved (e.g. WAF)

Techbrunch • Jan 05 '22 15:01