View Issue Details

IDProjectCategoryView StatusLast Update
0007023Kali LinuxKali Package Bugpublic2021-02-02 09:37
Reporterproduct_hardhat Assigned Tosbrun  
Status resolvedResolutionfixed 
Summary0007023: ruby-cms-scanner applying kali patch that breaks wpscan

installed wpscan via apt-get. immediately got the following when running

Traceback (most recent call last):
12: from /usr/bin/wpscan:23:in <main>' 11: from /usr/lib/ruby/vendor_ruby/rubygems.rb:301:inactivate_bin_path'
10: from /usr/lib/ruby/vendor_ruby/rubygems.rb:301:in synchronize' 9: from /usr/lib/ruby/vendor_ruby/rubygems.rb:302:inblock in activate_bin_path'
8: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1370:in activate' 7: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1388:inactivate_dependencies'
6: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1388:in each' 5: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1406:inblock in activate_dependencies'
4: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1370:in activate' 3: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1388:inactivate_dependencies'
2: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1388:in each' 1: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1400:inblock in activate_dependencies'
/usr/lib/ruby/vendor_ruby/rubygems/dependency.rb:309:in to_specs': Could not find 'nokogiri' (~> 1.10.9) - did find: [nokogiri-1.11.1] (Gem::MissingSpecVersionError) Checked in 'GEM_PATH=/home/vmuser/.local/share/gem/ruby/2.7.0:/var/lib/gems/2.7.0:/usr/local/lib/ruby/gems/2.7.0:/usr/lib/ruby/gems/2.7.0:/usr/lib/x86_64-linux-gnu/ruby/gems/2.7.0:/usr/share/rubygems-integration/2.7.0:/usr/share/rubygems-integration/all:/usr/lib/x86_64-linux-gnu/rubygems-integration/2.7.0' , executegem envfor more information 12: from /usr/bin/wpscan:23:in<main>'
11: from /usr/lib/ruby/vendor_ruby/rubygems.rb:301:in activate_bin_path' 10: from /usr/lib/ruby/vendor_ruby/rubygems.rb:301:insynchronize'
9: from /usr/lib/ruby/vendor_ruby/rubygems.rb:302:in block in activate_bin_path' 8: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1370:inactivate'
7: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1388:in activate_dependencies' 6: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1388:ineach'
5: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1406:in block in activate_dependencies' 4: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1370:inactivate'
3: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1388:in activate_dependencies' 2: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1388:ineach'
1: from /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1399:in block in activate_dependencies' /usr/lib/ruby/vendor_ruby/rubygems/specification.rb:1402:inrescue in block in activate_dependencies': Could not find 'nokogiri' (~> 1.10.9) among 80 total gem(s) (Gem::MissingSpecError)
Checked in 'GEM_PATH=/home/vmuser/.local/share/gem/ruby/2.7.0:/var/lib/gems/2.7.0:/usr/local/lib/ruby/gems/2.7.0:/usr/lib/ruby/gems/2.7.0:/usr/lib/x86_64-linux-gnu/ruby/gems/2.7.0:/usr/share/rubygems-integration/2.7.0:/usr/share/rubygems-integration/all:/usr/lib/x86_64-linux-gnu/rubygems-integration/2.7.0' at: /usr/share/rubygems-integration/all/specifications/cms_scanner-0.13.0.gemspec, execute gem env for more information

missing thing is installed

$ dpkg --get-selections | grep nokogiri
ruby-nokogiri install

Steps To Reproduce
  • install wpscan
  • run it against any wp install


has duplicate 0007017 resolvedsbrun wpscan does not start after upgrade 




2021-01-31 21:35

manager   ~0014173

I can't reproduce this here - have you run apt-get update?

sudo apt-get install wpscan
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
ruby-mime ruby-mini-exiftool ruby-net-http-digest-auth ruby-spider
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
ruby-cms-scanner ruby-nokogiri
The following NEW packages will be installed:
ruby-cms-scanner ruby-nokogiri wpscan
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.

Installing wpscan pulls in ruby-nokogiri



2021-01-31 21:51

manager   ~0014174

Last edited: 2021-02-01 00:01

Sorry - misread the error message - it seems wpscan doesn't like ruby-nokogiri 1.11.1. On a system that still has ruby-nokogiri 1.10.9+dfsg-1+b1 installed, wpscan runs fine. A workaround would be to download the 1.10 release from and install it - then you'd want to either apt-mark hold it, or re-install the older version until a fixed ruby-cms-scanner release happens.

2021-02-01 11:23

reporter   ~0014175

WPScan dev here, since CMSScanner 0.12.2, Nokogiri 1.11 is fetched (, so this should not happen.

I've downloaded the latest Kali (64bit), WPScan was at 3.8.10, updated it with sudo apt-get update && sudo apt-get install wpscan and then ran WPScan (v3.8.13) w/o any issue.



2021-02-01 14:08

manager   ~0014176

Thanks for replying Erwan, but here, I'm seeing the same issue as the original poster on both x86_64 and arm64.

steev@c630:~$ apt policy wpscan
Installed: 3.8.13-0kali1
Candidate: 3.8.13-0kali1
Version table:
3.8.13-0kali1 500
500 kali-rolling/non-free arm64 Packages
500 kali-dev/non-free arm64 Packages
100 /var/lib/dpkg/status
steev@c630:~$ apt policy ruby-nokogiri
Installed: 1.11.1+dfsg-1
Candidate: 1.11.1+dfsg-1
Version table:
1.11.1+dfsg-1 500
500 kali-rolling/main arm64 Packages
500 kali-dev/main arm64 Packages
100 /var/lib/dpkg/status
steev@c630:~$ apt policy ruby-cms-scanner
Installed: 0.13.0-0kali1
Candidate: 0.13.0-0kali1
Version table:
*** 0.13.0-0kali1 500
500 kali-rolling/main arm64 Packages
500 kali-dev/main arm64 Packages
100 /var/lib/dpkg/status

2021-02-01 15:13

reporter   ~0014177

Looking at the /usr/share/rubygems-integration/all/specifications/cms_scanner-0.13.0.gemspec, some version constraints are wrong in there, e.g:

s.add_runtime_dependency(%q&lt;nokogiri>.freeze, [&quot;~> 1.10.9&quot;])
s.add_runtime_dependency(%q&lt;yajl-ruby>.freeze, [&quot;>= 1.3.1&quot;])

Even though the versions are correct at

So it seems that you have something (like a patching script?) changing the versions before installing the gem. Actually, I just found it:



2021-02-01 18:20

manager   ~0014179

Thanks, assigned the bug to Sophie to get that patch updated :)



2021-02-02 09:36

manager   ~0014183

fixed in version ruby-cms-scanner version 0.13.1-0kali1

Issue History

Date Modified Username Field Change
2021-01-31 21:12 product_hardhat New Issue
2021-01-31 21:35 steev Note Added: 0014173
2021-01-31 21:51 steev Note Added: 0014174
2021-02-01 00:01 steev Note Edited: 0014174
2021-02-01 11:23 Note Added: 0014175
2021-02-01 14:08 steev Note Added: 0014176
2021-02-01 15:13 Note Added: 0014177
2021-02-01 18:19 steev Assigned To => sbrun
2021-02-01 18:19 steev Status new => confirmed
2021-02-01 18:19 steev Summary wpscan missing ruby modules => ruby-cms-scanner applying kali patch that breaks wpscan
2021-02-01 18:20 steev Note Added: 0014179
2021-02-02 09:36 sbrun Status confirmed => resolved
2021-02-02 09:36 sbrun Resolution open => fixed
2021-02-02 09:36 sbrun Note Added: 0014183
2021-02-02 09:37 sbrun Relationship added has duplicate 0007017