View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0007023 | Kali Linux | [All Projects] Kali Package Bug | public | 2021-01-31 21:12 | 2021-02-02 09:37 |
Reporter | product_hardhat | Assigned To | sbrun | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | resolved | Resolution | fixed | ||
Product Version | |||||
Target Version | Fixed in Version | ||||
Summary | 0007023: ruby-cms-scanner applying kali patch that breaks wpscan | ||||
Description | installed wpscan via apt-get. immediately got the following when running

```
Traceback (most recent call last):
        12: from /usr/bin/wpscan:23:in `<main>'
        11: from /usr/lib/ruby/vendor_ruby/rubygems.rb:301:in `activate_bin_path'
        10: from /usr/lib/ruby/vendor_ruby/rubygems.rb:301:in `synchronize'
         9: from /usr/lib/ruby/vendor_ruby/rubygems.rb:302:in `block in activate_bin_path'
         8: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1370:in `activate'
         7: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1388:in `activate_dependencies'
         6: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1388:in `each'
         5: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1406:in `block in activate_dependencies'
         4: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1370:in `activate'
         3: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1388:in `activate_dependencies'
         2: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1388:in `each'
         1: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1400:in `block in activate_dependencies'
/usr/lib/ruby/vendor_ruby/rubygems/dependency.rb:309:in `to_specs': Could not find 'nokogiri' (~> 1.10.9) - did find: [nokogiri-1.11.1] (Gem::MissingSpecVersionError)
Checked in 'GEM_PATH=/home/vmuser/.local/share/gem/ruby/2.7.0:/var/lib/gems/2.7.0:/usr/local/lib/ruby/gems/2.7.0:/usr/lib/ruby/gems/2.7.0:/usr/lib/x86_64-linux-gnu/ruby/gems/2.7.0:/usr/share/rubygems-integration/2.7.0:/usr/share/rubygems-integration/all:/usr/lib/x86_64-linux-gnu/rubygems-integration/2.7.0' , execute `gem env` for more information
        12: from /usr/bin/wpscan:23:in `<main>'
        11: from /usr/lib/ruby/vendor_ruby/rubygems.rb:301:in `activate_bin_path'
        10: from /usr/lib/ruby/vendor_ruby/rubygems.rb:301:in `synchronize'
         9: from /usr/lib/ruby/vendor_ruby/rubygems.rb:302:in `block in activate_bin_path'
         8: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1370:in `activate'
         7: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1388:in `activate_dependencies'
         6: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1388:in `each'
         5: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1406:in `block in activate_dependencies'
         4: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1370:in `activate'
         3: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1388:in `activate_dependencies'
         2: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1388:in `each'
         1: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1399:in `block in activate_dependencies'
/usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1402:in `rescue in block in activate_dependencies': Could not find 'nokogiri' (~> 1.10.9) among 80 total gem(s) (Gem::MissingSpecError)
Checked in 'GEM_PATH=/home/vmuser/.local/share/gem/ruby/2.7.0:/var/lib/gems/2.7.0:/usr/local/lib/ruby/gems/2.7.0:/usr/lib/ruby/gems/2.7.0:/usr/lib/x86_64-linux-gnu/ruby/gems/2.7.0:/usr/share/rubygems-integration/2.7.0:/usr/share/rubygems-integration/all:/usr/lib/x86_64-linux-gnu/rubygems-integration/2.7.0' at: /usr/share/rubygems-integration/all/specifications/cms_scanner-0.13.0.gemspec, execute `gem env` for more information
```

missing thing is installed

```
$ dpkg --get-selections | grep nokogiri
ruby-nokogiri install
```

Steps To Reproduce |

- install wpscan
- run it against any wp install
|
I can't reproduce this here - have you run apt-get update?

```
sudo apt-get install wpscan
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  ruby-mime ruby-mini-exiftool ruby-net-http-digest-auth ruby-spider
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
  ruby-cms-scanner ruby-nokogiri
The following NEW packages will be installed:
  ruby-cms-scanner ruby-nokogiri wpscan
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
```

Installing wpscan pulls in ruby-nokogiri
|
Sorry - misread the error message - it seems wpscan doesn't like ruby-nokogiri 1.11.1. On a system that still has ruby-nokogiri 1.10.9+dfsg-1+b1 installed, wpscan runs fine. A workaround would be to download the 1.10 release from http://kali.download/kali/pool/main/r/ruby-nokogiri/ and install it - then you'd want to either apt-mark hold it, or re-install the older version until a fixed ruby-cms-scanner release happens. |
|
WPScan dev here, since CMSScanner 0.12.2, Nokogiri 1.11 is fetched (https://github.com/wpscanteam/CMSScanner/blob/v0.12.2/cms_scanner.gemspec#L23), so this should not happen. I've downloaded the latest Kali (64bit), WPScan was at 3.8.10, updated it with `sudo apt-get update && sudo apt-get install wpscan` and then ran WPScan (v3.8.13) w/o any issue. |
|
Thanks for replying Erwan, but here, I'm seeing the same issue as the original poster on both x86_64 and arm64.

```
steev@c630:~$ apt policy wpscan
wpscan:
  Installed: 3.8.13-0kali1
  Candidate: 3.8.13-0kali1
  Version table:
 *** 3.8.13-0kali1 500
        500 https://kali.download/kali kali-rolling/non-free arm64 Packages
        500 https://kali.download/kali kali-dev/non-free arm64 Packages
        100 /var/lib/dpkg/status
steev@c630:~$ apt policy ruby-nokogiri
ruby-nokogiri:
  Installed: 1.11.1+dfsg-1
  Candidate: 1.11.1+dfsg-1
  Version table:
 *** 1.11.1+dfsg-1 500
        500 https://kali.download/kali kali-rolling/main arm64 Packages
        500 https://kali.download/kali kali-dev/main arm64 Packages
        100 /var/lib/dpkg/status
steev@c630:~$ apt policy ruby-cms-scanner
ruby-cms-scanner:
  Installed: 0.13.0-0kali1
  Candidate: 0.13.0-0kali1
  Version table:
 *** 0.13.0-0kali1 500
        500 https://kali.download/kali kali-rolling/main arm64 Packages
        500 https://kali.download/kali kali-dev/main arm64 Packages
        100 /var/lib/dpkg/status
```
|
Looking at the `/usr/share/rubygems-integration/all/specifications/cms_scanner-0.13.0.gemspec`, some version constraints are wrong in there, e.g.:

```ruby
s.add_runtime_dependency(%q<nokogiri>.freeze, ["~> 1.10.9"])
s.add_runtime_dependency(%q<yajl-ruby>.freeze, [">= 1.3.1"])
```

Even though the versions are correct at https://gitlab.com/kalilinux/packages/ruby-cms-scanner/-/blob/kali/master/cms_scanner.gemspec

So it seems that you have something (like a patching script?) changing the versions before installing the gem.

Actually, I just found it: https://gitlab.com/kalilinux/packages/ruby-cms-scanner/-/blob/kali/master/debian/patches/change-minimal-required-version.patch
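
Added example (not part of the original note, and not code from the Kali package or from WPScan): it parses the two gemspec dependency lines quoted above and checks them with RubyGems' own requirement matching, showing why `~> 1.10.9` rejects the installed Nokogiri 1.11.1. The helper names and the yajl-ruby installed version are constructed for illustration.

```ruby
require "rubygems"

# Constructed sample: the two dependency lines quoted in the note above, in the
# form they take in a generated gemspec under rubygems-integration.
GEMSPEC_TEXT = <<~'SPEC'
  s.add_runtime_dependency(%q<nokogiri>.freeze, ["~> 1.10.9"])
  s.add_runtime_dependency(%q<yajl-ruby>.freeze, [">= 1.3.1"])
SPEC

# Installed versions: nokogiri 1.11.1 is taken from the report; the yajl-ruby
# version is a constructed value.
INSTALLED = {
  "nokogiri"  => ["1.11.1"],
  "yajl-ruby" => ["1.4.1"],
}.freeze

DEP_LINE = /add_runtime_dependency\(%q<([^>]+)>(?:\.freeze)?,\s*\[([^\]]*)\]\)/

# Turn generated-gemspec text into Gem::Dependency objects (hypothetical helper).
def parse_runtime_deps(text)
  text.scan(DEP_LINE).map do |name, reqs|
    Gem::Dependency.new(name, *reqs.scan(/"([^"]+)"/).flatten)
  end
end

# Return one entry per dependency that no installed version satisfies.
# "~> 1.10.9" means ">= 1.10.9 and < 1.11", so 1.11.1 falls outside it.
def unsatisfied(deps, installed)
  deps.each_with_object([]) do |dep, out|
    versions = installed.fetch(dep.name, [])
    next if versions.any? { |v| dep.requirement.satisfied_by?(Gem::Version.new(v)) }
    out << { name: dep.name, requirement: dep.requirement.to_s, found: versions }
  end
end

def report(text = GEMSPEC_TEXT, installed = INSTALLED)
  unsatisfied(parse_runtime_deps(text), installed)
end

if __FILE__ == $PROGRAM_NAME
  report.each do |m|
    puts "#{m[:name]}: needs #{m[:requirement]}, installed #{m[:found].join(', ')}"
  end
end
```

On a live system the same check can take its input from `Gem::Specification.load(path).runtime_dependencies` instead of the embedded text.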
|
Thanks, assigned the bug to Sophie to get that patch updated :) |
|
fixed in version ruby-cms-scanner version 0.13.1-0kali1 |
Date Modified | Username | Field | Change |
---|---|---|---|
2021-01-31 21:12 | product_hardhat | New Issue | |
2021-01-31 21:35 | steev | Note Added: 0014173 | |
2021-01-31 21:51 | steev | Note Added: 0014174 | |
2021-02-01 00:01 | steev | Note Edited: 0014174 | View Revisions |
2021-02-01 11:23 | Erwan.lr | Note Added: 0014175 | |
2021-02-01 14:08 | steev | Note Added: 0014176 | |
2021-02-01 15:13 | Erwan.lr | Note Added: 0014177 | |
2021-02-01 18:19 | steev | Assigned To | => sbrun |
2021-02-01 18:19 | steev | Status | new => confirmed |
2021-02-01 18:19 | steev | Summary | wpscan missing ruby modules => ruby-cms-scanner applying kali patch that breaks wpscan |
2021-02-01 18:20 | steev | Note Added: 0014179 | |
2021-02-02 09:36 | sbrun | Status | confirmed => resolved |
2021-02-02 09:36 | sbrun | Resolution | open => fixed |
2021-02-02 09:36 | sbrun | Note Added: 0014183 | |
2021-02-02 09:37 | sbrun | Relationship added | has duplicate 0007017 |