Triggering an error message in such a case would be a very bad idea, as during enumeration there are usually a lot of 404s.
What could be done is maybe to display a list of the 5 most common status codes received at the end of the scan (along with the number of requests done, for example).
Good point for the 404; this one should definitely not trigger a warning, but if there are no other cases I would just add the 404 as an exception.
I would still add a line if there are any 4xx or 5xx errors except for 404.
[+] Requests Done: 185
[+] Most Response codes received: 200: 100, 429: 50, 500: 30, 404: 5
[+] Too many 4xx and/or 5xx HTTP error codes could mean that some kind of protection is involved (e.g. WAF)
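One way to implement the tally and end-of-scan summary sketched above, written in Ruby (WPScan's language) as an added example that is not WPScan's own code; the class and method names and the 20% warning threshold are assumptions:

```ruby
# Added example, not WPScan's own code: tally the HTTP status codes seen during
# a scan and build the end-of-scan summary and warning proposed in this thread.
class ResponseStats
  # Expected in bulk during enumeration, so excluded from the error heuristic.
  IGNORED_ERROR_CODES = [404].freeze
  attr_reader :total

  def initialize
    @counts = Hash.new(0)
    @total = 0
  end

  # Call once per HTTP response; returns self so calls can be chained.
  def record(code)
    @counts[code.to_i] += 1
    @total += 1
    self
  end

  # The n most frequent codes as [code, count] pairs, most frequent first.
  def top(n = 5)
    @counts.sort_by { |code, count| [-count, code] }.first(n)
  end

  # 4xx/5xx responses, minus the ignored codes (404 here).
  def error_count
    @counts.sum { |code, count| code >= 400 && !IGNORED_ERROR_CODES.include?(code) ? count : 0 }
  end

  # Flag the scan when more than `threshold` of all responses were unexpected
  # errors. The 20% default is an assumption, not a value from the thread.
  def suspicious?(threshold = 0.2)
    @total.positive? && error_count.fdiv(@total) > threshold
  end

  # Summary lines in the format sketched in the comment above.
  def summary_lines
    lines = ["[+] Requests Done: #{@total}"]
    lines << "[+] Most Response codes received: #{top.map { |c, n| "#{c}: #{n}" }.join(', ')}"
    lines << '[+] Too many 4xx and/or 5xx HTTP error codes could mean that some kind of protection is involved (e.g. WAF)' if suspicious?
    lines
  end
end

# Constructed sample: the response mix from the mock output above (185 requests).
SAMPLE_CODES = ([200] * 100) + ([429] * 50) + ([500] * 30) + ([404] * 5)

def demo_stats
  SAMPLE_CODES.each_with_object(ResponseStats.new) { |code, stats| stats.record(code) }
end
```

Running `puts demo_stats.summary_lines` reproduces the three mock output lines above; a scan that only ever sees 200s and 404s produces the first two lines and no warning.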
I ran into this issue today where WPScan would not return meaningful results without apparent reasons.
After investigation it was because of two issues:
Technically the behavior was the following:
- 500 error when WordPress could not reach the database (Error establishing a database connection)
- 429 when there were too many requests

I was able to work around those issues with a combination of using --throttle and setting a custom user-agent using --ua. Ideally wpscan would detect that something unusual is going on and would warn the user.
One way to do that would be to trigger an error message when there are too many 4XX and 5XX error codes like it is done in sqlmap: https://github.com/sqlmapproject/sqlmap/blob/519c0ac01ba0efb82b688ba2381e9e909127985a/lib/core/common.py#L3704