Comments (16)
This was suggested to me right at the beginning of development of WPScan but the codebase then was pretty messy and it would have taken a lot of work to make it gem compatible. There have been great improvements to the code and organisation of it since then though and WPScan is more the 'ruby way' now so I think it should be much easier to accomplish.
I can work on it on my fork and then submit a new pull request.
Sounds great!
Just reading through the 'Package your programs as gems' chapter of Eloquent Ruby book to get myself acquainted with the process. :)
Wouldn't packaging wpscan in a gem interfere with our git based updating mechanism? Genuine question, I have no experience in this.
Because in that case we'll have to wait to implement the web api to handle db updates.
The gem won't include the very latest github code, so users will still update the normal way.
We'll just build gems from time to time which makes it easier for users to install and for us to distribute the code.
Actually, users wouldn't be able to update in the usual way because they wouldn't have installed it with git.
Maybe we can put gems out there for people who want the ease of installation and don't really care if it's the very latest version. We'll release them every now and then.
But also keep what we do now for users who don't mind installing dependencies and want the very latest code.
IMHO having a vulnerability DB API that the tool will prompt for KB updates is a feasible approach.
Yes the development version will always be available from our public repository but we should try to stick with just one updating system.
Packaging everything in a gem is great but we should wait for the api to deliver db updates which are more critical than code changes.
@gbrindisi it makes sense, however I think that porting the code base to a gem will require some coding time, so I think that you'll have a public API for KB updating.
An aside note... Ruby is more familiar with JSON than with XML (which also has minor overhead in terms of bytes), so we can think about refactoring the data format that wpscan will fetch from the DB... is there any doc about the DB API implementation?
IMHO having a vulnerability DB API that the tool will prompt for KB updates is a feasible approach.
@thesp0nge yes this is our opinion as well and we are building a prototype right now. The problem is that we are actually delivering db updates through git and we (IMO) can't afford to ditch it suddenly... while it is perfectly acceptable to use outdated versions of the code, without fresh db updates half of the functionalities of wpscan become useless.
I suggest this: let's plan a development roadmap that leads to the 3.0 milestone which comprises the new gem architecture and the new api based update system. We stick to it, make tests, implement everything we need and once ready we release 3.0 in a nice gem wrap.
@gbrindisi You're right, a gem will add complexity and maintainability issues for little benefit. We'll hang fire on this until the api is ready and then take another look at it then.
@thesp0nge We've just started working on public which is currently closed source. This is mainly headed by @gbrindisi.
An aside note... Ruby is more familiar with JSON than with XML (which also has minor overhead in terms of bytes), so we can think about refactoring the data format that wpscan will fetch from the DB... is there any doc about the DB API implementation?
@thesp0nge We are still designing it. Anyway the prototype implements json as the api data format.
If you have suggestions I'd love to hear them (feel free to mail me or dm on twitter if you like).
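As an added illustration (not WPScan's own code) of the update model gbrindisi and thesp0nge sketch above: the scanner's code ships in the gem, while the vulnerability DB lives in a user-writable data directory and is refreshed from a JSON API instead of by git pull. The API paths, the metadata layout, the in-memory stand-in for the API and the SHA-256 checksum check are all assumptions added here.

```ruby
require 'json'
require 'digest'
require 'fileutils'
require 'tmpdir'

# Constructed DB payload and metadata standing in for the hypothetical API responses.
DB_V3 = JSON.generate('version' => 3,
                      'plugins' => { 'example-plugin' => [{ 'title' => 'XSS', 'fixed_in' => '1.2.0' }] })
FAKE_API = {
  '/metadata.json' => JSON.generate('version' => 3, 'sha256' => Digest::SHA256.hexdigest(DB_V3)),
  '/db.json'       => DB_V3
}.freeze

# Keeps the vulnerability DB outside the (read-only) gem install directory and
# only replaces it when the API advertises a newer, checksum-verified version.
class DbUpdater
  def initialize(data_dir, fetch: ->(path) { FAKE_API.fetch(path) })
    @data_dir = data_dir
    @fetch = fetch # assumed API client: path -> response body
    FileUtils.mkdir_p(@data_dir)
  end

  def db_path
    File.join(@data_dir, 'db.json')
  end

  def local_version
    File.exist?(db_path) ? JSON.parse(File.read(db_path))['version'] : 0
  end

  # Returns :up_to_date or :updated; raises if the payload fails the checksum.
  def update!
    meta = JSON.parse(@fetch.call('/metadata.json'))
    return :up_to_date if meta['version'] <= local_version

    body = @fetch.call('/db.json')
    digest = Digest::SHA256.hexdigest(body)
    raise "checksum mismatch: expected #{meta['sha256']}, got #{digest}" unless digest == meta['sha256']

    # Write to a temp file and rename, so an interrupted download never leaves a half-written DB.
    tmp = "#{db_path}.tmp"
    File.write(tmp, body)
    File.rename(tmp, db_path)
    :updated
  end
end

if $PROGRAM_NAME == __FILE__
  Dir.mktmpdir { |dir| u = DbUpdater.new(dir); puts u.update!, u.local_version, u.update! }
end
```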
I suggest this: let's plan a development roadmap that leads to the 3.0 milestone which comprises the new gem architecture and the new api based update system. We stick to it, make tests, implement everything we need and once ready we release 3.0 in a nice gem wrap.
@gbrindisi Super, keep me posted, I'd like to contribute if it's ok for you
Closing this for now. We can re-open in future to take another look at it.
Definitely it makes sense now. Let's freeze this one.
On 26 October 2012 11:59, ethicalhack3r [email protected] wrote:
Closing this for now. We can re-open in future to take another look at it.