Detect too many 4xx and/or 5xx HTTP error codes #1699
Triggering an error message in such a case would be a very bad idea, as during enumeration there are usually a lot of 404s. What could be done is maybe to display a list of the 5 most status codes received at the end of the scan (along with the number of requests done, for example). Something like:
Would that work for you? (If you have any other idea for the output format, or text, please share :))
Good point for the 404: this one should definitely not trigger a warning, but if there are no other cases I would just add the 404 as an exception. I would still add a line if there are any 4xx or 5xx errors except for 404.
I ran into this issue today where WPScan would not return meaningful results without apparent reasons.
After investigation it was because of two issues:
Technically the behavior was the following:
- `500` error when WordPress could not reach the database (`Error establishing a database connection`)
- `429` when there were too many requests

I was able to work around those issues with a combination of using `--throttle` and setting a custom user-agent using `--ua`.

Ideally wpscan would detect that something unusual is going on and would warn the user.
One way to do that would be to trigger an error message when there are too many 4XX and 5XX error codes like it is done in sqlmap: https://github.com/sqlmapproject/sqlmap/blob/519c0ac01ba0efb82b688ba2381e9e909127985a/lib/core/common.py#L3704
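The check discussed in this thread, sketched as an added example (it is not WPScan's code and not written by anyone in the thread): tally every response code, report the five most frequent at the end of the scan, and warn when 4xx/5xx codes other than 404 make up a large share of the responses. The class name `StatusCodeTally`, the 20% threshold, the minimum request count and the sample data are all assumptions made for illustration.

```ruby
# Added illustration; names, thresholds and sample data are assumptions.
class StatusCodeTally
  IGNORED = [404].freeze # expected in bulk during enumeration

  def initialize(error_ratio: 0.2, min_requests: 20)
    @counts = Hash.new(0)
    @error_ratio = error_ratio
    @min_requests = min_requests
  end

  def record(code)
    @counts[code] += 1
  end

  def total
    @counts.values.sum
  end

  # Most frequent codes first; ties broken by numeric code for stable output.
  def top(limit = 5)
    @counts.sort_by { |code, count| [-count, code] }.first(limit)
  end

  # 4xx/5xx responses, excluding the codes a scan produces by design.
  def unusual_errors
    @counts.select { |code, _| code >= 400 && !IGNORED.include?(code) }
  end

  # Returns a warning string, or nil when the error share is below threshold.
  def warning
    errors = unusual_errors
    bad = errors.values.sum
    return nil if total < @min_requests || bad.to_f / total < @error_ratio

    "#{bad}/#{total} responses were #{errors.keys.sort.join(', ')}; " \
      'results may be incomplete, consider --throttle or a custom --ua'
  end

  def summary
    "Requests: #{total} (" + top.map { |c, n| "#{c}: #{n}" }.join(', ') + ')'
  end
end

# Constructed sample: a scan that was rate limited and hit database errors.
SAMPLE = [200] * 12 + [404] * 60 + [429] * 25 + [500] * 18 + [301] * 3 + [403] * 2
tally = StatusCodeTally.new
SAMPLE.each { |code| tally.record(code) }
puts tally.summary
puts "Warning: #{tally.warning}" if tally.warning
```

The minimum request count keeps a short scan with one or two errors from tripping the warning, and the 404 exclusion addresses the enumeration objection raised above.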