Change the wpscan defaults #1750

Merged


domwhewell-sage
Contributor

There were a lot of enumeration defaults enabled on wpscan, and if a WordPress site did not respond to any of the 1000s of requests it sends to enumerate plugins, themes, timthumbs etc., you could be waiting a long time for the requests to time out.
As noted here #1729, it was taking 45+ minutes on a URL.

It was not stuck, but the wpscan JSON output does not display progress. After looking into it, the request_timeout and enumerate settings were causing it to potentially take a long time.

I have removed Timthumbs enumeration and User/Media enumeration from the default options; users can still add them back using the modules.wpscan.enumerate= config option.
I have also reduced the HTTP timeout to the same as the httpx timeout.

I am unsure if this module deserves to be tagged with "slow", as it potentially could be slow: if the WordPress app does not respond to any of the enumeration requests, it could potentially take ~25 minutes with these default settings.

@domwhewell-sage domwhewell-sage changed the title Changed defaults Change the wpscan defaults Sep 7, 2024
@TheTechromancer TheTechromancer merged commit 2f3ea2d into blacklanternsecurity:dev Sep 9, 2024
8 checks passed
@domwhewell-sage domwhewell-sage deleted the wpscan_speedup branch September 9, 2024 16:02
@TheTechromancer TheTechromancer mentioned this pull request Sep 12, 2024