Add /.well-known/security.txt check

See https://securitytxt.org/
2018-05-09 16:34:30 +01:00
parent 6c0a21c80d
commit 37a72f0c72
4 changed files with 157 additions and 0 deletions
--- a/wpscan.rb
+++ b/wpscan.rb
@@ -219,6 +219,14 @@ def main
      end
    end

+    if wp_target.has_security?
+      puts info("security.txt available under: #{wp_target.security_url}")
+
+      wp_target.parse_security_txt.each do |dir|
+        puts info("Interesting entry from security.txt: #{dir}")
+      end
+    end
+
    if wp_target.has_full_path_disclosure?
      puts warning("Full Path Disclosure (FPD) in '#{wp_target.full_path_disclosure_url}': #{wp_target.full_path_disclosure_data}")
    end