Skip to content

Releases: wpscanteam/wpscan

v3.5.2

Choose a tag to compare

@erwanlr erwanlr released this 08 Apr 16:39

Fixes an error when running wpscan without any argument - wpscanteam/CMSScanner#88

v3.5.1

Choose a tag to compare

@erwanlr erwanlr released this 07 Apr 16:59

Dev Stuff:

  • Parsed options are now accessible the ParsedCli class from everywhere, rather than just the controllers

v3.5.0

Choose a tag to compare

@erwanlr erwanlr released this 03 Apr 11:51

Changes/Improvements:

  • All enumeration processes, and most other checks now use HEAD requests and then perform a GET when suitable (related to the long wanted #211). This reduces the data received, especially with custom 404 returning a lot of data
  • Make sure files which can return a lot of data, such as SQL dumps, are checked with a Range header - #1322
  • Running Stats (Requests done, Memory used and so on) are now always displayed at the end of the scan, when the scan is valid, ie not CLI errors, not Wordpress Error etc (so once the URL and Started time are displayed, stats will be output at the end no matter what)
  • More accurate memory usage, by getting the starting memory when a scan is initialised
  • Additional detection of the WP-JSON API via the source of the homepage -#1319
  • Detection of wp-content dir from RAW JavaScript
  • Password Attack against the wp-login.php improved to avoid False Positive
  • Minified version of static files also checked when trying to determine WP version - #1311
  • Check errors 500 as well as custom 401/403 during plugin/theme enumeration - #1090

Removals:

  • WPScan is no longer checking for the changelog URLs when displaying plugins and themes. Versions detection from changelogs are still performed

Fixes:

Dev Stuff:

  • Profiling executable added - #1321
  • frozen_string_literal comment is now used everywhere, to reduce object allocations
  • Better code for WpVersion#all
  • Models and Errors moved into their own namespace - #1315

v3.4.5

Choose a tag to compare

@erwanlr erwanlr released this 10 Mar 11:03
  • Adds detection of wp-cron.php - #1299
  • Handles uncaught exceptions when --password-attack was used but the XML-RPC was not detected - #1307
  • Improves Debug Log and XML-RPC detections (via CMSSCanner 0.0.41.4)

v3.4.4

Choose a tag to compare

@erwanlr erwanlr released this 11 Feb 12:11
  • Display enumeration methods (passive/aggressive) in output. (#1284)
  • Improves WordPress detection when no clues are present in the homepage (#1277)
  • Check for multi page results when gathering users via the WP JSON API (#1285 - Thanks to @melalj)

v3.4.3

Choose a tag to compare

@erwanlr erwanlr released this 11 Jan 13:18
  • Updates dependencies and specs

v3.4.1

Choose a tag to compare

@erwanlr erwanlr released this 13 Dec 22:42

Fixes #1264

v3.4.0

Choose a tag to compare

@erwanlr erwanlr released this 12 Nov 16:40

Fixes #1246
Fixes #1245
Fixes #1242
Fixes #1244
Fixes #1241

v3.3.3

Choose a tag to compare

@erwanlr erwanlr released this 02 Nov 21:30

Fixes #1228
Fixes #1232
Fixes #1236
Fixes #1237

v3.3.2

Choose a tag to compare

@erwanlr erwanlr released this 20 Oct 14:01
  • Adds a --hh cli option to display the full help. -h now displays a simplified help.

  • Displays the release date of the WP version detected.