False Negative #1833

Open
MartinDeBeer opened this issue Mar 18, 2024 · 4 comments

@MartinDeBeer

Before submitting an issue, please make sure you fully read any potential error messages output and did some research on your own.

Subject of the issue

I just tried to scan a website for a bug bounty, but it keeps telling me that the site is not written in WordPress even though I can see that it is by going into the source code.

Your environment

  • Version of WPScan:
    Current Version: 3.8.25
  • Version of Ruby:
    ruby 3.1.2p20
  • Operating System (OS):
    Kali OS

Steps to reproduce

  1. command: wpscan --url website
  2. command: wpscan --url website --force -e vp,vt,cb,dbe
  3. command: wpscan --url website --force -e vp,vt,cb,dbe --wp-content-dir website/wp-content

Expected behavior

There are at least 2 of the plugins that I checked on the wpscan website if they are vulnerable and the website said they are.

Actual behavior

  1. returns Scan Aborted: The remote website is up, but does not seem to be running WordPress.
  2. returns Scan Aborted: Unable to identify the wp-content dir, please supply it with --wp-content-dir, use the --scope option or make sure the --url value given is the correct one
  3. returns Could not detect version, no plugins found, no themes found, no config backups found and no DB exports found

What have you already tried

Tell us what you have already tried to do to fix the issue you are having.

Things you have tried (where relevant):

  • Update WPScan to the latest version [x]
  • Update Ruby to the latest version [x]
  • Ensure you can reach the target site using cURL [x]
  • Proxied WPScan through a HTTP proxy to view the raw traffic [ ]
  • Ensure you are using a supported Operating System (Linux and macOS) [x]
@MartinDeBeer
Author

I have tested wpscan with a few different websites now on Kali OS and on ParrotOS, and on every occasion it has told me that the website is not running WordPress even though I can confirm that it does.

@akirataguchi115

akirataguchi115 commented May 6, 2024

Can you reproduce this issue with some other website that is not the website you have been bug bountied? Have you tried --stealthy?

@MartinDeBeer
Author

MartinDeBeer commented May 7, 2024 via email

@akirataguchi115

Good to hear you got your issue solved! Could you close this issue? Thanks again for taking the time to report this issue <3
