|
|
I can't reproduce this here - have you run apt-get update?
sudo apt-get install wpscan
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
ruby-mime ruby-mini-exiftool ruby-net-http-digest-auth ruby-spider
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
ruby-cms-scanner ruby-nokogiri
The following NEW packages will be installed:
ruby-cms-scanner ruby-nokogiri wpscan
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Installing wpscan pulls in ruby-nokogiri |
|
steev
2021-01-31 21:51
manager
~0014174
Last edited: 2021-02-01 00:01
|
Sorry - misread the error message - it seems wpscan doesn't like ruby-nokogiri 1.11.1. On a system that still has ruby-nokogiri 1.10.9+dfsg-1+b1 installed, wpscan runs fine. A workaround would be to download the 1.10 release from http://kali.download/kali/pool/main/r/ruby-nokogiri/ and install it - then you'd want to either apt-mark hold it, or re-install the older version until a fixed ruby-cms-scanner release happens. |
|
|
|
WPScan dev here, since CMSScanner 0.12.2, Nokogiri 1.11 is fetched (https://github.com/wpscanteam/CMSScanner/blob/v0.12.2/cms_scanner.gemspec#L23), so this should not happen.
I've downloaded the latest Kali (64bit), WPScan was at 3.8.10, updated it with sudo apt-get update && sudo apt-get install wpscan and then ran WPScan (v3.8.13) w/o any issue. |
|
|
|
Thanks for replying Erwan, but here, I'm seeing the same issue as the original poster on both x86_64 and arm64.
steev@c630:~$ apt policy wpscan
wpscan:
Installed: 3.8.13-0kali1
Candidate: 3.8.13-0kali1
Version table:
3.8.13-0kali1 500
500 https://kali.download/kali kali-rolling/non-free arm64 Packages
500 https://kali.download/kali kali-dev/non-free arm64 Packages
100 /var/lib/dpkg/status
steev@c630:~$ apt policy ruby-nokogiri
ruby-nokogiri:
Installed: 1.11.1+dfsg-1
Candidate: 1.11.1+dfsg-1
Version table:
1.11.1+dfsg-1 500
500 https://kali.download/kali kali-rolling/main arm64 Packages
500 https://kali.download/kali kali-dev/main arm64 Packages
100 /var/lib/dpkg/status
steev@c630:~$ apt policy ruby-cms-scanner
ruby-cms-scanner:
Installed: 0.13.0-0kali1
Candidate: 0.13.0-0kali1
Version table:
*** 0.13.0-0kali1 500
500 https://kali.download/kali kali-rolling/main arm64 Packages
500 https://kali.download/kali kali-dev/main arm64 Packages
100 /var/lib/dpkg/status |
|
|
|
Looking at the /usr/share/rubygems-integration/all/specifications/cms_scanner-0.13.0.gemspec, some version constraints are wrong in there, e.g:
s.add_runtime_dependency(%q<nokogiri>.freeze, ["~> 1.10.9"])
s.add_runtime_dependency(%q<yajl-ruby>.freeze, [">= 1.3.1"])
Even though the versions are correct at https://gitlab.com/kalilinux/packages/ruby-cms-scanner/-/blob/kali/master/cms_scanner.gemspec
So it seems that you have something (like a patching script?) changing the versions before installing the gem. Actually, I just found it: https://gitlab.com/kalilinux/packages/ruby-cms-scanner/-/blob/kali/master/debian/patches/change-minimal-required-version.patch |
|
|
|
Thanks, assigned the bug to Sophie to get that patch updated :) |
|
|
|
fixed in version ruby-cms-scanner version 0.13.1-0kali1 |
|
