
Wordpress How to install WPScan Vulnerability Scanner for Wordpress

Discussion in 'Blogs & CMS usage' started by eva2000, Jan 6, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    54,345
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    5:13 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    How to install WPScan vulnerability scanner guide for Centmin Mod LEMP stack users who use Wordpress. Please read and re-read the following links for a general overview of install and usage steps, and note the 2 different methods below for CentOS 6.x and CentOS 7.x installs due to Ruby version requirements.

    WPScan Requirements Install on CentOS 7.2



    This was tested on CentOS 7.2, so not sure if it works on CentOS 6.x, so do test on a test server first. Looks like CentOS 6.7 doesn't meet Ruby 1.9.2+ requirements.
    Code:
    Prerequisites:
    
    Ruby >= 1.9.2 - Recommended: 2.3.0
    Curl >= 7.21 - Recommended: latest
    RubyGems - Recommended: latest - seems now needs >2.3+
    Git
    I usually setup a dedicated directory for my tools at /root/tools, you can use whatever directory you want. The guide will install wpscan.rb to /root/tools/wpscan/wpscan.rb.
    Code (Text):
    curl -sSL https://rvm.io/pkuczynski.asc | gpg2 --import -
    curl -L https://get.rvm.io | bash -s stable
    source /etc/profile.d/rvm.sh
    rvm requirements
    type rvm | head -1
    RUBYVER=3.3.0
    rvm install ${RUBYVER}
    rvm use ${RUBYVER} --default
    rvm rubygems current
    echo '[[ -s "/etc/profile.d/rvm.sh" ]] && source "/etc/profile.d/rvm.sh"  # This loads RVM into a shell session.' >> ~/.bashrc
    echo $PATH
    ruby -v

    Centmin Mod 123.09beta01 or newer users don't need to manually install Ruby as outlined above. You can run addons/ruby.sh
    Code (Text):
    cmupdate
    cmdir
    addons/ruby.sh install
    


    Verify ruby version
    Code (Text):
    ruby -v
    ruby 2.6.3p62 (2019-04-16 revision 67580) [x86_64-linux]
    

    With ruby 3.1.2
    Code (Text):
    ruby -v
    ruby 3.1.2p20 (2022-04-12 revision 4491bb740a) [x86_64-linux]
    


    WPScan Requirements Install on CentOS 6.x



    CentOS 6.x uses Ruby 1.8.7, which is too old for WPScan, which requires Ruby 1.9.2+ and higher, so we can use the rvm tool to manage and install the more recent Ruby 2.5.3.

    Code (Text):
    curl -sSL https://rvm.io/mpapis.asc | gpg -v --import -
    curl -L https://get.rvm.io | bash -s stable
    rvm requirements
    type rvm | head -1
    RUBYVER=2.5.3
    rvm install ${RUBYVER}
    rvm use ${RUBYVER} --default
    rvm rubygems current
    source /etc/profile.d/rvm.sh
    echo '[[ -s "/etc/profile.d/rvm.sh" ]] && source "/etc/profile.d/rvm.sh"  # This loads RVM into a shell session.' >> ~/.bashrc
    echo $PATH
    ruby -v

    Centmin Mod 123.09beta01 users don't need to manually install Ruby as outlined above. You can run addons/ruby.sh
    Code (Text):
    cmupdate
    cmdir
    addons/ruby.sh install
    

    Verify ruby version
    Code:
    ruby -v
    ruby 2.6.3p62 (2019-04-16 revision 67580) [x86_64-linux]
    

    WPScan Install



    Then install WPScan

    Code:
    yum -y install gcc ruby-devel rubygem-bundler libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel patch git
    mkdir -p /root/tools
    cd /root/tools
    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
    bundle install && rake install


    As of August 2022, you can just install using the gem command
    Code (Text):
    gem install wpscan


    Updating WPScan on CentOS



    To update, it's as easy as changing into the /root/tools/wpscan directory and running:
    Code (Text):
    wpscan --update
    


    example
    Code (Text):
    wpscan --update
    _______________________________________________________________
             __          _______   _____
             \ \        / /  __ \ / ____|
              \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
               \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
                \  /\  /  | |     ____) | (__| (_| | | | |
                 \/  \/   |_|    |_____/ \___|\__,_|_| |_|
    
             WordPress Security Scanner by the WPScan Team
                             Version 3.8.22
                                  
           @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
    _______________________________________________________________
    
    [i] Updating the Database ...
    [i] Update completed.
    


    Using WPScan on CentOS



    As per the article outlined above, there are various wpscan scanning options you can run. I ran centmin.sh menu option 22 to auto install a Wordpress blog on dummy domain = domain1.com so will scan that domain1.com for the examples below.


    Quick scan
    Code (Text):
    wpscan --url http://wpfc.domain.com
    _______________________________________________________________
            __          _______   _____
            \ \        / /  __ \ / ____|
             \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
              \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
               \  /\  /  | |     ____) | (__| (_| | | | |
                \/  \/   |_|    |_____/ \___|\__,_|_| |_|
    
            WordPress Security Scanner by the WPScan Team
                           Version 3.3.2
              Sponsored by Sucuri - https://sucuri.net
          @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
    _______________________________________________________________
    
    [+] URL: http://wpfc.domain.com/
    [+] Started: Thu Nov  1 07:51:01 2018
    
    Interesting Finding(s):
    
    [+] http://wpfc.domain.com/
     | Interesting Entries:
     |  - Server: nginx centminmod
     |  - X-Powered-By: centminmod
     |  - X-Processing-Time: 0.100
     |  - X-Request-ID: 215ea91908cdea851eeb7eeab40b40fa
     |  - X-FPM-Cache: MISS
     | Found By: Headers (Passive Detection)
     | Confidence: 100%
    
    [+] http://wpfc.domain.com/xmlrpc.php
     | Found By: Direct Access (Aggressive Detection)
     | Confidence: 100%
     | References:
     |  - http://codex.wordpress.org/XML-RPC_Pingback_API
     |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
     |  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
     |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
     |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
    
    [+] WordPress version 4.9.8 identified (Released on 2018-08-02).
     | Detected By: Rss Generator (Passive Detection)
     |  - http://wpfc.domain.com/feed/, <generator>https://wordpress.org/?v=4.9.8</generator>
     |  - http://wpfc.domain.com/comments/feed/, <generator>https://wordpress.org/?v=4.9.8</generator>
    
    [+] WordPress theme in use: twentyseventeen
     | Location: http://wpfc.domain.com/wp-content/themes/twentyseventeen/
     | Latest Version: 1.7 (up to date)
     | Last Updated: 2018-08-02T00:00:00.000Z
     | Style URL: http://wpfc.domain.com/wp-content/themes/twentyseventeen/style.css
     | Style Name: Twenty Seventeen
     | Style URI: https://wordpress.org/themes/twentyseventeen/
     | Description: Twenty Seventeen brings your site to life with header video and immersive featured images. With a fo...
     | Author: the WordPress team
     | Author URI: https://wordpress.org/
     |
     | Detected By: Urls In Homepage (Passive Detection)
     |
     | Version: 1.7 (80% confidence)
     | Detected By: Style (Passive Detection)
     |  - http://wpfc.domain.com/wp-content/themes/twentyseventeen/style.css, Match: 'Version: 1.7'
    
    [+] Enumerating All Plugins
    [+] Checking Plugin Versions
    
    [i] Plugin(s) Identified:
    
    [+] nginx-helper
     | Location: http://wpfc.domain.com/wp-content/plugins/nginx-helper/
     | Latest Version: 1.9.12
     | Last Updated: 2018-09-24T09:57:00.000Z
     |
     | Detected By: Comment (Passive Detection)
     |
     | The version could not be determined.
    
    [+] Enumerating Config Backups
     Checking Config Backups - Time: 00:00:00 <=============================================================================================================================================================================> (21 / 21) 100.00% Time: 00:00:00
    
    [i] No Config Backups Found.
    
    [+] Finished: Thu Nov  1 07:51:04 2018
    [+] Requests Done: 62
    [+] Memory used: 37.195 MB
    [+] Elapsed time: 00:00:03
    


    Vulnerable Wordpress Plugin Scan
    Code (Text):
    wpscan --url http://wpfc.domain.com --enumerate vp
    _______________________________________________________________
            __          _______   _____
            \ \        / /  __ \ / ____|
             \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
              \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
               \  /\  /  | |     ____) | (__| (_| | | | |
                \/  \/   |_|    |_____/ \___|\__,_|_| |_|
    
            WordPress Security Scanner by the WPScan Team
                           Version 3.3.2
              Sponsored by Sucuri - https://sucuri.net
          @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
    _______________________________________________________________
    
    [+] URL: http://wpfc.domain.com/
    [+] Started: Thu Nov  1 07:52:18 2018
    
    Interesting Finding(s):
    
    [+] http://wpfc.domain.com/
     | Interesting Entries:
     |  - Server: nginx centminmod
     |  - X-Powered-By: centminmod
     |  - X-Processing-Time: 0.100
     |  - X-Request-ID: 215ea91908cdea851eeb7eeab40b40fa
     |  - X-FPM-Cache: MISS
     | Found By: Headers (Passive Detection)
     | Confidence: 100%
    
    [+] http://wpfc.domain.com/xmlrpc.php
     | Found By: Direct Access (Aggressive Detection)
     | Confidence: 100%
     | References:
     |  - http://codex.wordpress.org/XML-RPC_Pingback_API
     |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
     |  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
     |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
     |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
    
    [+] WordPress version 4.9.8 identified (Released on 2018-08-02).
     | Detected By: Rss Generator (Passive Detection)
     |  - http://wpfc.domain.com/feed/, <generator>https://wordpress.org/?v=4.9.8</generator>
     |  - http://wpfc.domain.com/comments/feed/, <generator>https://wordpress.org/?v=4.9.8</generator>
    
    [+] WordPress theme in use: twentyseventeen
     | Location: http://wpfc.domain.com/wp-content/themes/twentyseventeen/
     | Latest Version: 1.7 (up to date)
     | Last Updated: 2018-08-02T00:00:00.000Z
     | Style URL: http://wpfc.domain.com/wp-content/themes/twentyseventeen/style.css
     | Style Name: Twenty Seventeen
     | Style URI: https://wordpress.org/themes/twentyseventeen/
     | Description: Twenty Seventeen brings your site to life with header video and immersive featured images. With a fo...
     | Author: the WordPress team
     | Author URI: https://wordpress.org/
     |
     | Detected By: Urls In Homepage (Passive Detection)
     |
     | Version: 1.7 (80% confidence)
     | Detected By: Style (Passive Detection)
     |  - http://wpfc.domain.com/wp-content/themes/twentyseventeen/style.css, Match: 'Version: 1.7'
    
    [+] Enumerating Vulnerable Plugins
    [+] Checking Plugin Versions
    
    [i] No plugins Found.
    
    [+] Finished: Thu Nov  1 07:52:20 2018
    [+] Requests Done: 0
    [+] Memory used: 35.309 MB
    [+] Elapsed time: 00:00:02
    


    Wordpress user scan by WPScan
    Code (Text):
    wpscan --url http://wpfc.domain.com --enumerate u
    _______________________________________________________________
            __          _______   _____
            \ \        / /  __ \ / ____|
             \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
              \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
               \  /\  /  | |     ____) | (__| (_| | | | |
                \/  \/   |_|    |_____/ \___|\__,_|_| |_|
    
            WordPress Security Scanner by the WPScan Team
                           Version 3.3.2
              Sponsored by Sucuri - https://sucuri.net
          @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
    _______________________________________________________________
    
    [+] URL: http://wpfc.domain.com/
    [+] Started: Thu Nov  1 07:53:10 2018
    
    Interesting Finding(s):
    
    [+] http://wpfc.domain.com/
     | Interesting Entries:
     |  - Server: nginx centminmod
     |  - X-Powered-By: centminmod
     |  - X-Processing-Time: 0.100
     |  - X-Request-ID: 215ea91908cdea851eeb7eeab40b40fa
     |  - X-FPM-Cache: MISS
     | Found By: Headers (Passive Detection)
     | Confidence: 100%
    
    [+] http://wpfc.domain.com/xmlrpc.php
     | Found By: Direct Access (Aggressive Detection)
     | Confidence: 100%
     | References:
     |  - http://codex.wordpress.org/XML-RPC_Pingback_API
     |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
     |  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
     |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
     |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
    
    [+] WordPress version 4.9.8 identified (Released on 2018-08-02).
     | Detected By: Rss Generator (Passive Detection)
     |  - http://wpfc.domain.com/feed/, <generator>https://wordpress.org/?v=4.9.8</generator>
     |  - http://wpfc.domain.com/comments/feed/, <generator>https://wordpress.org/?v=4.9.8</generator>
    
    [+] WordPress theme in use: twentyseventeen
     | Location: http://wpfc.domain.com/wp-content/themes/twentyseventeen/
     | Latest Version: 1.7 (up to date)
     | Last Updated: 2018-08-02T00:00:00.000Z
     | Style URL: http://wpfc.domain.com/wp-content/themes/twentyseventeen/style.css
     | Style Name: Twenty Seventeen
     | Style URI: https://wordpress.org/themes/twentyseventeen/
     | Description: Twenty Seventeen brings your site to life with header video and immersive featured images. With a fo...
     | Author: the WordPress team
     | Author URI: https://wordpress.org/
     |
     | Detected By: Urls In Homepage (Passive Detection)
     |
     | Version: 1.7 (80% confidence)
     | Detected By: Style (Passive Detection)
     |  - http://wpfc.domain.com/wp-content/themes/twentyseventeen/style.css, Match: 'Version: 1.7'
    
    [+] Enumerating Users
     Brute Forcing Author IDs - Time: 00:00:00 <============================================================================================================================================================================> (10 / 10) 100.00% Time: 00:00:00
    
    [i] User(s) Identified:
    
    [+]
     | Detected By: Rss Generator (Passive Detection)
     | Confirmed By: Rss Generator (Aggressive Detection)
    
    [+] feed
     | Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
    
    [+] Finished: Thu Nov  1 07:53:12 2018
    [+] Requests Done: 17
    [+] Memory used: 1.539 MB
    [+] Elapsed time: 00:00:02
    


    WPScan Help Options



    Code (Text):
    wpscan --help
    _______________________________________________________________
            __          _______   _____
            \ \        / /  __ \ / ____|
             \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
              \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
               \  /\  /  | |     ____) | (__| (_| | | | |
                \/  \/   |_|    |_____/ \___|\__,_|_| |_|
    
            WordPress Security Scanner by the WPScan Team
                           Version 3.3.2
              Sponsored by Sucuri - https://sucuri.net
          @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
    _______________________________________________________________
    
    Usage: wpscan [options]
            --url URL                                 The URL of the blog to scan
                                                      Allowed Protocols: http, https
                                                      Default Protocol if none provided: http
                                                      This option is mandatory unless update or help or hh or version is/are supplied
        -h, --help                                    Display the simple help and exit
            --hh                                      Display the full help and exit
            --version                                 Display the version and exit
        -v, --verbose                                 Verbose mode
            --[no-]banner                             Whether or not to display the banner
                                                      Default: true
        -o, --output FILE                             Output to FILE
        -f, --format FORMAT                           Output results in the format supplied
                                                      Available choices: cli-no-colour, cli-no-color, json, cli
            --detection-mode MODE                     Default: mixed
                                                      Available choices: mixed, passive, aggressive
            --user-agent, --ua VALUE
            --random-user-agent, --rua                Use a random user-agent for each scan
            --http-auth login:password
        -t, --max-threads VALUE                       The max threads to use
                                                      Default: 5
            --throttle MilliSeconds                   Milliseconds to wait before doing another web request. If used, the max threads will be set to 1.
            --request-timeout SECONDS                 The request timeout in seconds
                                                      Default: 60
            --connect-timeout SECONDS                 The connection timeout in seconds
                                                      Default: 30
            --disable-tls-checks                      Disables SSL/TLS certificate verification
            --proxy protocol://IP:port                Supported protocols depend on the cURL installed
            --proxy-auth login:password
            --cookie-string COOKIE                    Cookie string to use in requests, format: cookie1=value1[; cookie2=value2]
            --cookie-jar FILE-PATH                    File to read and write cookies
                                                      Default: /tmp/wpscan/cookie_jar.txt
            --force                                   Do not check if the target is running WordPress
            --[no-]update                             Whether or not to update the Database
            --wp-content-dir DIR
            --wp-plugins-dir DIR
        -e, --enumerate [OPTS]                        Enumeration Process
                                                      Available Choices:
                                                       vp   Vulnerable plugins
                                                       ap   All plugins
                                                       p    Plugins
                                                       vt   Vulnerable themes
                                                       at   All themes
                                                       t    Themes
                                                       tt   Timthumbs
                                                       cb   Config backups
                                                       dbe  Db exports
                                                       u    User IDs range. e.g: u1-5
                                                            Range separator to use: '-'
                                                            Value if no argument supplied: 1-10
                                                       m    Media IDs range. e.g m1-15
                                                            Note: Permalink setting must be set to "Plain" for those to be detected
                                                            Range separator to use: '-'
                                                            Value if no argument supplied: 1-100
                                                      Separator to use between the values: ','
                                                      Default: All Plugins, Config Backups
                                                      Value if no argument supplied: vp,vt,tt,cb,dbe,u,m
                                                      Incompatible choices (only one of each group/s can be used):
                                                       - vp, ap, p
                                                       - vt, at, t
            --exclude-content-based REGEXP_OR_STRING  Exclude all responses matching the Regexp (case insensitive) during parts of the enumeration.
                                                      Both the headers and body are checked. Regexp delimiters are not required.
            --plugins-detection MODE                  Use the supplied mode to enumerate Plugins, instead of the global (--detection-mode) mode.
                                                      Default: passive
                                                      Available choices: mixed, passive, aggressive
            --plugins-version-detection MODE          Use the supplied mode to check plugins versions instead of the --detection-mode or --plugins-detection modes.
                                                      Default: mixed
                                                      Available choices: mixed, passive, aggressive
        -P, --passwords FILE-PATH                     List of passwords to use during the password attack.
                                                      If no --username/s option supplied, user enumeration will be run.
        -U, --usernames LIST                          List of usernames to use during the password attack.
                                                      Examples: 'a1', 'a1,a2,a3', '/tmp/a.txt'
            --multicall-max-passwords MAX_PWD         Maximum number of passwords to send by request with XMLRPC multicall
                                                      Default: 500
            --password-attack ATTACK                  Force the supplied attack to be used rather than automatically determining one.
                                                      Available choices: wp-login, xmlrpc, xmlrpc-multicall
            --stealthy                                Alias for --random-user-agent --detection-mode passive --plugins-version-detection passive
    
    [!] To see full list of options use --hh.
    
     
    Last edited: Jun 29, 2016
  2. eva2000

    eva2000 Administrator Staff Member

    Not sure how accurate the vulnerability plugin report is, as I found on some WP installs they are reporting outdated WP plugin versions, but when I check the actual WP install, the WP plugins are using the latest versions?

    Ah, I overlooked this message, which suggests that if the version of a plugin is not detectable it will print out all vulnerabilities for plugins it finds

    Code:
    [!] We could not determine a version so all vulnerabilities are printed out
     
    Last edited: Jan 6, 2016
  3. Matt Williams

    Matt Williams WordPress Fanatic

    537
    104
    43
    Nov 22, 2014
    Virginia, USA
    Ratings:
    +157
    Local Time:
    2:13 AM
    latest
    10
    Excellent! Bookmarked! Been looking to install this for a while! Thank you! (y)

    Maybe make this a new Menu item? Possible?
     
    Last edited by a moderator: Jan 6, 2016
  4. eva2000

    eva2000 Administrator Staff Member

    Possibly another one for the official addons vault eventually at centminmod.com/addons.html :)
     
  5. Matt Williams

    Matt Williams WordPress Fanatic

    Wow - I tested a site with the code:
    and it shot the CPU load to 100% on the VPS with the site installed, and the WPScanner is on a different VPS than the site. That's a downfall.
     
  6. eva2000

    eva2000 Administrator Staff Member

    Try passing the thread flag -t XX to lower the number of threads used
    Code:
    --threads  | -t <number of threads> The number of threads to use when multi-threading requests.
    I think... not sure, WPScan by default uses as many threads as the CPU threads it can detect. So if the WPScan server has 8 threads and the target WP only has 2 threads, you may overload it?
     
  7. eva2000

    eva2000 Administrator Staff Member

    Now to the other side of WPScan adventures, blocking other folks from scanning your Wordpress blogs and only allowing specified IP addresses to scan your WP blogs.

    Set up an nginx map against the user agent variable to blacklist user agents. However, WPScan has a flag to change that user agent ID, so this is of limited usefulness.

    The default WPScan user agent
    Code:
    "WPScan v2.9 (http://wpscan.org)"
    Using nginx map and nginx geoip module (installed out of box for Centmin Mod LEMP nginx server)

    In the nginx.conf http{} context, add a new include file called /usr/local/nginx/conf/wpscan.conf. The final mapping's 3 digit combinations may need tweaking for your needs.
    Code:
        include /usr/local/nginx/conf/wpscan.conf;
    
    and add to /usr/local/nginx/conf/wpscan.conf the following map and geo mappings
    Code:
       map $http_user_agent $wpscan_bot {
            default                 0;
            "~*WPScan"              1;
       }
    
       map $geoip_country_code $allow_cc {
            default                 0;
            AU                      1;
       }
    
       geo $allow_myips {
            default                 0;
            127.0.0.1               1;
            1.2.3.4                 1;
       }
    
       map $wpscan_bot$allow_cc$allow_myips $allow_wpscan {
            default                 0;
            001                     0;
            011                     0;
            010                     0;
            100                     1;  # block WPScan user agent
            111                     0;  # WPScan from specific country and ip address
            101                     0;  # WPScan from specific ip address
       }
    
    So the 111 combo allows WPScan from AU = Australia + a specific defined IP address like 127.0.0.1 or 1.2.3.4

    in nginx vhost domain.com.conf in appropriate location contexts for your setup and/or wordpress /usr/local/nginx/conf/wpsecure_${vhostname}.conf (123.08stable) or /usr/local/nginx/conf/wpincludes/${vhostname}/wpsecure_${vhostname}.conf (123.09beta01+ and higher) include file where ${vhostname} is your site domain name
    Code:
        if ($allow_wpscan = 1) {
            return 444;
        }
    
    or in wpsecure_${vhostname}.conf include file
    Code:
            location ~* /wp-content/ {
              if ($allow_wpscan = 1) {
                 return 444;
              }
            }
    
    I implemented the latter via the wpsecure_${vhostname}.conf include file and at very bottom of wpsecure_${vhostname}.conf include file placed the above CODE

    Then I did a test WPScan and checked access.log for domain1.com and you will see 444 status errors
    Code:
    wpscanip - - [06/Jan/2016:08:37:27 +0000] "GET /wp-content/plugins/wp-super-cache/README.txt HTTP/1.1" 444 0 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:37:27 +0000] "GET /wp-content/plugins/wp-super-cache/Readme.txt HTTP/1.1" 444 0 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:37:27 +0000] "GET /wp-content/plugins/wp-super-cache/ReadMe.txt HTTP/1.1" 444 0 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:37:27 +0000] "GET /wp-content/plugins/wp-super-cache/README.TXT HTTP/1.1" 444 0 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:37:27 +0000] "GET /wp-content/plugins/wp-super-cache/changelog.txt HTTP/1.1" 444 0 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:37:27 +0000] "GET /wp-content/plugins/wp-super-cache/ HTTP/1.1" 444 0 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:37:27 +0000] "GET /wp-content/plugins/wp-super-cache/error_log HTTP/1.1" 444 0 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    
    Looks like the 403 code is better than 444 in terms of not allowing WPScan to determine the actual plugins installed; 444 still reports the plugin names.

    in nginx vhost domain.com.conf in appropriate location contexts for your setup and/or wordpress /usr/local/nginx/conf/wpsecure_${vhostname}.conf include file where ${vhostname} is your site domain name
    Code:
        if ($allow_wpscan = 1) {
            return 403;
        }
    
    or in wpsecure_${vhostname}.conf include file
    Code:
            location ~* /wp-content/ {
              if ($allow_wpscan = 1) {
                 return 403;
              }
            }
    
    Code:
    wpscanip - - [06/Jan/2016:08:51:25 +0000] "GET /wp-content/plugins/wp-limit-login-attempts/readme.txt HTTP/1.1" 403 162 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:51:25 +0000] "GET /wp-content/plugins/wp-limit-login-attempts/README.txt HTTP/1.1" 403 162 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:51:25 +0000] "GET /wp-content/plugins/wp-limit-login-attempts/Readme.txt HTTP/1.1" 403 162 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:51:25 +0000] "GET /wp-content/plugins/wp-limit-login-attempts/ReadMe.txt HTTP/1.1" 403 162 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:51:25 +0000] "GET /wp-content/plugins/wp-limit-login-attempts/README.TXT HTTP/1.1" 403 162 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:51:25 +0000] "GET /wp-content/plugins/wp-limit-login-attempts/readme.TXT HTTP/1.1" 403 162 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    Looks like that configuration only blocks wp-content access for the WPScan vulnerable plugin scan flag, not the basic quick test!

    Quick test still hits other URLs and reports the WP plugin detected list of vulnerabilities even if it cannot determine the version
    Code:
    ruby wpscan.rb --url http://domain1.com
    Some with 200 and 302 status and others 403 or 444
    Code:
    wpscanip - - [06/Jan/2016:08:54:04 +0000] "GET / HTTP/1.1" 200 18931 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:04 +0000] "GET /wp-content/plugins HTTP/1.1" 403 162 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:04 +0000] "GET /readme.html HTTP/1.1" 403 162 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:04 +0000] "GET /wp-includes/rss-functions.php HTTP/1.1" 500 5 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:04 +0000] "GET /wp-content/debug.log HTTP/1.1" 403 162 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:04 +0000] "GET /wp-config.php.save HTTP/1.1" 403 162 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:04 +0000] "GET /.wp-config.php.swp HTTP/1.1" 403 162 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:04 +0000] "GET /%23wp-config.php%23 HTTP/1.1" 444 0 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:04 +0000] "GET /wp-config.php_bak HTTP/1.1" 444 0 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:04 +0000] "GET /wp-config.php~ HTTP/1.1" 403 162 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:04 +0000] "GET /wp-config.php.swp HTTP/1.1" 403 162 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:04 +0000] "GET /wp-config.txt HTTP/1.1" 403 162 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:04 +0000] "GET /wp-config.php.swo HTTP/1.1" 403 162 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:04 +0000] "GET /wp-config.php.old HTTP/1.1" 403 162 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:04 +0000] "GET /wp-config.php.bak HTTP/1.1" 403 162 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:04 +0000] "GET /wp-config.bak HTTP/1.1" 444 0 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:04 +0000] "GET /wp-config.php.orig HTTP/1.1" 403 162 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:04 +0000] "GET /wp-config.original HTTP/1.1" 404 6193 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:05 +0000] "GET /wp-config.orig HTTP/1.1" 404 6193 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:05 +0000] "GET /wp-config.old HTTP/1.1" 404 6193 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:05 +0000] "GET /wp-config.save HTTP/1.1" 404 6193 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:05 +0000] "GET /searchreplacedb2.php HTTP/1.1" 404 162 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:05 +0000] "GET /wp-signup.php HTTP/1.1" 302 198 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:05 +0000] "GET /wp-content/mu-plugins/ HTTP/1.1" 403 162 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:05 +0000] "GET /wp-login.php?action=register HTTP/1.1" 403 162 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:05 +0000] "GET /wp-content/uploads/ HTTP/1.1" 403 162 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:06 +0000] "GET /feed/ HTTP/1.1" 200 69302 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    Some of the filenames that returned 404; be careful not to save files under such names or place such files
    Code:
    wpscanip - - [06/Jan/2016:08:54:04 +0000] "GET /wp-config.original HTTP/1.1" 404 6193 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:05 +0000] "GET /wp-config.orig HTTP/1.1" 404 6193 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:05 +0000] "GET /wp-config.old HTTP/1.1" 404 6193 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:05 +0000] "GET /wp-config.save HTTP/1.1" 404 6193 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [06/Jan/2016:08:54:05 +0000] "GET /searchreplacedb2.php HTTP/1.1" 404 162 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    Quick test with custom useragent = customscan
    Code:
    ruby wpscan.rb --url http://domain1.com -a customscan
    This still reported WP Super Cache as installed, maybe due to the 200 status for the request /wp-content/plugins/wp-super-cache/readme.txt and the custom user agent bypassing the nginx 403 block
    Code:
    wpscanip - - [06/Jan/2016:09:10:19 +0000] "GET /wp-config.old HTTP/1.1" 404 6193 "http://domain1.com/" "customscan"
    wpscanip - - [06/Jan/2016:09:10:19 +0000] "GET /searchreplacedb2.php HTTP/1.1" 404 162 "http://domain1.com/" "customscan"
    wpscanip - - [06/Jan/2016:09:10:19 +0000] "GET /wp-signup.php HTTP/1.1" 302 198 "http://domain1.com/" "customscan"
    wpscanip - - [06/Jan/2016:09:10:19 +0000] "GET /wp-content/mu-plugins/ HTTP/1.1" 403 162 "http://domain1.com/" "customscan"
    wpscanip - - [06/Jan/2016:09:10:19 +0000] "GET /wp-login.php?action=register HTTP/1.1" 403 162 "http://domain1.com/" "customscan"
    wpscanip - - [06/Jan/2016:09:10:20 +0000] "GET /xmlrpc.php HTTP/1.1" 405 240 "http://domain1.com/" "customscan"
    wpscanip - - [06/Jan/2016:09:10:20 +0000] "GET /wp-content/uploads/ HTTP/1.1" 403 162 "http://domain1.com/" "customscan"
    wpscanip - - [06/Jan/2016:09:10:20 +0000] "GET /feed/ HTTP/1.1" 200 69302 "http://domain1.com/" "customscan"
    wpscanip - - [06/Jan/2016:09:10:20 +0000] "GET /feed/rdf/ HTTP/1.1" 200 70485 "http://domain1.com/" "customscan"
    wpscanip - - [06/Jan/2016:09:10:21 +0000] "GET /feed/atom/ HTTP/1.1" 200 70830 "http://domain1.com/" "customscan"
    wpscanip - - [06/Jan/2016:09:10:21 +0000] "GET /wp-content/plugins/wp-super-cache/readme.txt HTTP/1.1" 200 49548 "http://domain1.com/" "customscan"
    wpscanip - - [06/Jan/2016:09:10:21 +0000] "GET /wp-content/plugins/wp-super-cache/changelog.txt HTTP/1.1" 404 162 "http://domain1.com/" "customscan"
    wpscanip - - [06/Jan/2016:09:10:22 +0000] "GET /wp-content/plugins/wp-super-cache/ HTTP/1.1" 403 162 "http://domain1.com/" "customscan"
    wpscanip - - [06/Jan/2016:09:10:22 +0000] "GET /wp-content/plugins/wp-super-cache/error_log HTTP/1.1" 404 162 "http://domain1.com/" "customscan"
    edit: updated 123.08stable and 123.09beta01 branch code for the default WordPress auto installer's include file /usr/local/nginx/conf/wpsecure_${vhostname}.conf template to make sure denied files are case insensitive: update inc/wpsetup.inc and tools/nvwp.sh · centminmod/centminmod@aa86765 · GitHub

    edit: not sure, but with return 403 on -e vp scans it returns 1000s of WP plugins as installed which are not installed, but if I use a 444 return code for -e vp scans, then it just returns the installed WP plugins but without a detectable version number

    Code:
            location ~* /wp-content/ {
              if ($allow_wpscan = 1) {
                 return 444;
              }
            }
    Code:
    [+] WordPress version 4.4.1 identified from advanced fingerprinting
    
    [+] Enumerating installed plugins (only ones with known vulnerabilities) ...
    
       Time: 00:00:05 <========================================================================> (1253 / 1253) 100.00% Time: 00:00:05
    
    [+] We found 8 plugins:
    
    [+] Name: akismet
    |  Latest version: 3.1.7
    |  Location: http://domain1.com/wp-content/plugins/akismet/
    
    [!] We could not determine a version so all vulnerabilities are printed out
    
    [!] Title: Akismet 2.5.0-3.1.4 - Unauthenticated Stored Cross-Site Scripting (XSS)
        Reference: https://wpvulndb.com/vulnerabilities/8215
        Reference: http://blog.akismet.com/2015/10/13/akismet-3-1-5-wordpress/
        Reference: https://blog.sucuri.net/2015/10/security-advisory-stored-xss-in-akismet-wordpress-plugin.html
    [i] Fixed in: 3.1.5
    Code:
    grep akismet access.log | tail -10
    wpscanip - - [07/Jan/2016:00:29:17 +0000] "GET /wp-content/plugins/akismet/ HTTP/1.1" 444 0 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [07/Jan/2016:00:31:12 +0000] "GET /wp-content/plugins/akismet/ HTTP/1.1" 200 26 "http://domain1.com/" "customscan"
    wpscanip - - [07/Jan/2016:00:31:17 +0000] "GET /wp-content/plugins/akismet/readme.txt HTTP/1.1" 403 162 "http://domain1.com/" "customscan"
    wpscanip - - [07/Jan/2016:00:31:17 +0000] "GET /wp-content/plugins/akismet/README.txt HTTP/1.1" 403 162 "http://domain1.com/" "customscan"
    wpscanip - - [07/Jan/2016:00:31:17 +0000] "GET /wp-content/plugins/akismet/Readme.txt HTTP/1.1" 403 162 "http://domain1.com/" "customscan"
    wpscanip - - [07/Jan/2016:00:31:17 +0000] "GET /wp-content/plugins/akismet/ReadMe.txt HTTP/1.1" 403 162 "http://domain1.com/" "customscan"
    wpscanip - - [07/Jan/2016:00:31:17 +0000] "GET /wp-content/plugins/akismet/README.TXT HTTP/1.1" 403 162 "http://domain1.com/" "customscan"
    wpscanip - - [07/Jan/2016:00:31:17 +0000] "GET /wp-content/plugins/akismet/readme.TXT HTTP/1.1" 403 162 "http://domain1.com/" "customscan"
    wpscanip - - [07/Jan/2016:00:31:17 +0000] "GET /wp-content/plugins/akismet/changelog.txt HTTP/1.1" 403 162 "http://domain1.com/" "customscan"
    wpscanip - - [07/Jan/2016:00:31:17 +0000] "GET /wp-content/plugins/akismet/error_log HTTP/1.1" 404 162 "http://domain1.com/" "customscan"
    
     
    Last edited: Jun 29, 2016
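
The custom user agent run in the post above shows that a User-Agent match alone does not identify the scanner. As an added example (not part of the original post, and not Centmin Mod or WPScan code), this Ruby script flags clients by the request pattern visible in those logs instead; the thresholds, function names and sample log lines are assumptions constructed for illustration.

```ruby
require 'set'

# Added example: flag scan-like clients by what they request, not by User-Agent.
# Thresholds, names and sample lines are constructed assumptions.

# Backup or editor copies of wp-config.php (but not /wp-config.php itself).
CONFIG_PROBE_RE = %r{\A/(?:\.|%23)?wp-config\.(?!php\z)[^/]*\z}i

# Pull client, path and User-Agent out of an nginx combined-format log line.
def request_fields(line)
  ip = line.split(' ', 2).first
  request, _referer, agent = line.scan(/"([^"]*)"/).flatten
  path = request && request.split(' ')[1]
  return nil unless ip && path && agent
  { ip: ip, path: path, agent: agent }
end

# Returns { ip => { reasons: [...], agents: [...] } } for clients that probe
# several wp-config backup names or sweep one filename in several casings.
def suspicious_clients(lines, min_config_probes: 3, min_case_variants: 3)
  config = Hash.new { |h, k| h[k] = Set.new }
  casing = Hash.new { |h, k| h[k] = Set.new }
  agents = Hash.new { |h, k| h[k] = Set.new }
  lines.each do |line|
    f = request_fields(line) or next
    agents[f[:ip]] << f[:agent]
    config[f[:ip]] << f[:path] if f[:path] =~ CONFIG_PROBE_RE
    casing[[f[:ip], f[:path].downcase]] << f[:path]
  end
  agents.keys.each_with_object({}) do |ip, out|
    reasons = []
    reasons << :config_backup_probes if config[ip].size >= min_config_probes
    swept = casing.any? { |(cip, _), seen| cip == ip && seen.size >= min_case_variants }
    reasons << :filename_case_sweep if swept
    out[ip] = { reasons: reasons, agents: agents[ip].to_a } unless reasons.empty?
  end
end

# Builds one constructed log line in the format shown in the posts.
def sample_line(ip, path, agent)
  %(#{ip} - - [06/Jan/2016:09:10:19 +0000] "GET #{path} HTTP/1.1" 403 162 "http://domain1.com/" "#{agent}")
end

SCAN_PATHS = %w[/wp-config.php.save /wp-config.bak /wp-config.old
                /wp-content/plugins/akismet/readme.txt
                /wp-content/plugins/akismet/README.txt
                /wp-content/plugins/akismet/Readme.txt].freeze
SAMPLE = (SCAN_PATHS.map { |p| sample_line('192.0.2.10', p, 'customscan') } +
          %w[/ /feed/ /wp-config.php].map { |p| sample_line('198.51.100.7', p, 'Mozilla/5.0') }).freeze

puts suspicious_clients(SAMPLE).inspect if __FILE__ == $PROGRAM_NAME
```

Feed it the lines of a real access.log (for example `File.readlines`) and tune both thresholds to the site's normal traffic before acting on the result.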
  8. eva2000

    Ah, looks like WPScan deems the following as valid return HTTP status codes (wpscan/wp_target.rb at master · wpscanteam/wpscan · GitHub), so return 403 isn't ideal versus 444

    Code:
      # Valid HTTP return codes
      def self.valid_response_codes
        [200, 301, 302, 401, 403, 500, 400]
      end
    
    Readmes seem to return valid if the HTTP status code is not 404 (wpscan/wp_readme.rb at master · wpscanteam/wpscan · GitHub)
    Code:
          unless response.code == 404
            return response.body =~ %r{wordpress}i ? true : false
          end
    So if I set return to 444 instead of 403, WPScan still reports the plugins but just can't find or detect the version (with custom useragent to bypass nginx blocking)

    Code:
    [+] WordPress version 4.4.1 identified from advanced fingerprinting
    
    [+] Enumerating installed plugins (only ones with known vulnerabilities) ...
    
       Time: 00:00:05 <=================================================================================================================================================================================================> (1253 / 1253) 100.00% Time: 00:00:05
    
    [+] We found 8 plugins:
    
    [+] Name: akismet
    |  Latest version: 3.1.7
    |  Location: http://domain1.com/wp-content/plugins/akismet/
    
    [!] We could not determine a version so all vulnerabilities are printed out
    
    [!] Title: Akismet 2.5.0-3.1.4 - Unauthenticated Stored Cross-Site Scripting (XSS)
        Reference: https://wpvulndb.com/vulnerabilities/8215
        Reference: http://blog.akismet.com/2015/10/13/akismet-3-1-5-wordpress/
        Reference: https://blog.sucuri.net/2015/10/security-advisory-stored-xss-in-akismet-wordpress-plugin.html
    [i] Fixed in: 3.1.5
    Code:
    grep akismet access.log | tail -10
    wpscanip - - [07/Jan/2016:01:04:28 +0000] "GET /wp-content/plugins/akismet/readme.TXT HTTP/1.1" 444 0 "http://domain1.com/" "customscan"
    wpscanip - - [07/Jan/2016:03:30:28 +0000] "GET /wp-content/plugins/akismet/ HTTP/1.1" 200 26 "http://domain1.com/" "customscan"
    wpscanip - - [07/Jan/2016:03:30:32 +0000] "GET /wp-content/plugins/akismet/readme.txt HTTP/1.1" 444 0 "http://domain1.com/" "customscan"
    wpscanip - - [07/Jan/2016:03:30:33 +0000] "GET /wp-content/plugins/akismet/readme.TXT HTTP/1.1" 444 0 "http://domain1.com/" "customscan"
    wpscanip - - [07/Jan/2016:03:30:34 +0000] "GET /wp-content/plugins/akismet/changelog.txt HTTP/1.1" 444 0 "http://domain1.com/" "customscan"
    wpscanip - - [07/Jan/2016:03:30:33 +0000] "GET /wp-content/plugins/akismet/README.txt HTTP/1.1" 444 0 "http://domain1.com/" "customscan"
    wpscanip - - [07/Jan/2016:03:30:33 +0000] "GET /wp-content/plugins/akismet/Readme.txt HTTP/1.1" 444 0 "http://domain1.com/" "customscan"
    wpscanip - - [07/Jan/2016:03:30:33 +0000] "GET /wp-content/plugins/akismet/ReadMe.txt HTTP/1.1" 444 0 "http://domain1.com/" "customscan"
    wpscanip - - [07/Jan/2016:03:30:33 +0000] "GET /wp-content/plugins/akismet/README.TXT HTTP/1.1" 444 0 "http://domain1.com/" "customscan"
    wpscanip - - [07/Jan/2016:03:30:34 +0000] "GET /wp-content/plugins/akismet/error_log HTTP/1.1" 404 162 "http://domain1.com/" "customscan"
    Looks like it's possibly due to the status 200 returned for the directory itself
    Code:
    wpscanip - - [07/Jan/2016:03:30:28 +0000] "GET /wp-content/plugins/akismet/ HTTP/1.1" 200 26 "http://domain1.com/" "customscan"
    With the default blocked WPScan useragent, WP Super Cache is detected; all other WP plugins aren't detected
    Code:
    [+] WordPress version 4.4.1 identified from advanced fingerprinting
    
    [+] Enumerating installed plugins (only ones with known vulnerabilities) ...
    
       Time: 00:00:05 <=================================================================================================================================================================================================> (1253 / 1253) 100.00% Time: 00:00:05
    
    [+] We found 1 plugins:
    
    [+] Name: wp-super-cache
    |  Latest version: 1.4.7
    |  Location: http://domain1/wp-content/plugins/wp-super-cache/
    
    [!] We could not determine a version so all vulnerabilities are printed out
    
    [!] Title: WP-Super-Cache 1.3 - Remote Code Execution
        Reference: https://wpvulndb.com/vulnerabilities/6623
        Reference: http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
        Reference: http://wordpress.org/support/topic/pwn3d
        Reference: http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
    [i] Fixed in: 1.3.1
    Code:
    tail -200 access.log | grep super-cache
    wpscanip - - [07/Jan/2016:03:37:40 +0000] "GET /wp-content/plugins/wp-super-cache/ReadMe.txt HTTP/1.1" 444 0 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [07/Jan/2016:03:37:40 +0000] "GET /wp-content/plugins/wp-super-cache/README.TXT HTTP/1.1" 444 0 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [07/Jan/2016:03:37:41 +0000] "GET /wp-content/plugins/wp-super-cache/changelog.txt HTTP/1.1" 444 0 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [07/Jan/2016:03:37:41 +0000] "GET /wp-content/plugins/wp-super-cache/ HTTP/1.1" 444 0 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
    wpscanip - - [07/Jan/2016:03:37:41 +0000] "GET /wp-content/plugins/wp-super-cache/error_log HTTP/1.1" 444 0 "http://domain1.com/" "WPScan v2.9 (http://wpscan.org)"
     
    Last edited: Jan 7, 2016
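
To see why `return 403` and `return 444` lead to different scan results, the following added example (not from the post and not WPScan's own code) checks logged status codes against the `valid_response_codes` list quoted above. The sample log lines, the slug `not-installed`, the helper names and the modelling of 444 as client-side code 0 are assumptions.

```ruby
# Added example (not WPScan or Centmin Mod code). Sample log lines are constructed.

# The list quoted above from wpscan/wp_target.rb.
VALID_RESPONSE_CODES = [200, 301, 302, 401, 403, 500, 400].freeze

# nginx combined log format, as shown in the posts.
LOG_RE = /\A(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+) "[^"]*" "([^"]*)"\z/
PLUGIN_RE = %r{\A/wp-content/plugins/([^/]+)(?:/|\z)}i

def parse_line(line)
  m = LOG_RE.match(line.strip)
  return nil unless m
  { ip: m[1], path: m[3], status: m[4].to_i, agent: m[6] }
end

# nginx logs 444 but closes the connection without sending a response, so the
# client never sees a status code. Modelled here as 0 (an assumption).
def client_code(status)
  status == 444 ? 0 : status
end

# { plugin slug => ["status path", ...] } for every plugin path that was
# answered with a code from the valid list.
def slugs_answered(lines)
  entries = lines.map { |l| parse_line(l) }.compact
  entries.each_with_object(Hash.new { |h, k| h[k] = [] }) do |e, acc|
    slug = e[:path][PLUGIN_RE, 1]
    next unless slug && VALID_RESPONSE_CODES.include?(client_code(e[:status]))
    acc[slug.downcase] << "#{e[:status]} #{e[:path]}"
  end
end

# Builds one constructed log line in the format shown in the posts.
def log_line(path, status, agent = 'customscan')
  %(192.0.2.10 - - [07/Jan/2016:03:30:28 +0000] "GET #{path} HTTP/1.1" #{status} 0 "http://domain1.com/" "#{agent}")
end

PROBES = ['/wp-content/plugins/akismet/', '/wp-content/plugins/akismet/readme.txt',
          '/wp-content/plugins/not-installed/',
          '/wp-content/plugins/not-installed/readme.txt'].freeze

# Constructed: every probe answered with 403.
WITH_403 = PROBES.map { |p| log_line(p, 403) }.freeze
# Constructed: probes dropped with 444, except the installed plugin's directory,
# which still answers 200 as in the akismet log line above.
WITH_444 = PROBES.map { |p| log_line(p, p == PROBES.first ? 200 : 444) }.freeze

if __FILE__ == $PROGRAM_NAME
  puts "403: #{slugs_answered(WITH_403).keys.inspect}"
  puts "444: #{slugs_answered(WITH_444).keys.inspect}"
end
```

Any slug left in the 444 result points at a path that still answers with a listed code and needs its own rule.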
  9. BigIron

    BigIron Member

    64
    15
    8
    Sep 18, 2015
    Ratings:
    +19
    Local Time:
    11:13 PM
    I keep getting this error. As far as I can tell typhoeus is installed properly.

    Code:
    Bundler::GemspecError: Could not read gem at /usr/local/rvm/gems/ruby-2.3.0@wpscan/cache/typhoeus-0.8.0.gem. It may be corrupted.
    An error occurred while installing typhoeus (0.8.0), and Bundler cannot continue.
    Make sure that `gem install typhoeus -v '0.8.0'` succeeds before bundling.
    
     
  10. eva2000

    might need to ask WPScan folks at Issues · wpscanteam/wpscan · GitHub
     
  11. BigIron

    On a hunch I simply rm'd typhoeus-0.8.0.gem, ran gem install typhoeus, then re-ran the bundle install and it worked :)
     
  12. John

    John New Member

    5
    1
    3
    Nov 17, 2016
    Ratings:
    +1
    Local Time:
    3:13 PM
    1.10.2
    MariaDB 10.0.28
    thank you boss for this tutorial of how to install WPScan
    working on my CentOS 6
     
    Last edited: Dec 15, 2016
  13. eva2000
