diff --git a/engine/fuzz.py b/engine/fuzz.py index dd528ac..5b1fca7 100644 --- a/engine/fuzz.py +++ b/engine/fuzz.py @@ -36,7 +36,7 @@ class Fuzz_Engine: for component in data: component = component.strip() iter_aggressive += 1 - http_client.fetch(wordpress.url + component, aggressive_request_component, method='HEAD') == True + http_client.fetch(wordpress.url + component, aggressive_request_component, method='HEAD', validate_cert=False) == True ioloop.IOLoop.instance().start() @@ -59,7 +59,7 @@ class Fuzz_Engine: for theme in data: theme = theme.strip() iter_aggressive += 1 - http_client.fetch(wordpress.url + theme + "style.css", aggressive_request_plugins, method='HEAD') == True + http_client.fetch(wordpress.url + theme + "style.css", aggressive_request_plugins, method='HEAD', validate_cert=False) == True ioloop.IOLoop.instance().start() @@ -81,7 +81,7 @@ class Fuzz_Engine: for plugin in data: plugin = plugin.strip() iter_aggressive += 1 - http_client.fetch(wordpress.url + plugin, aggressive_request_plugins, method='HEAD') == True + http_client.fetch(wordpress.url + plugin, aggressive_request_plugins, method='HEAD', validate_cert=False) == True ioloop.IOLoop.instance().start() diff --git a/engine/scan.py b/engine/scan.py index 75ccdd7..9610aec 100644 --- a/engine/scan.py +++ b/engine/scan.py @@ -40,7 +40,7 @@ class Scan_Engine: description : detect the version of WordPress based on the generator tag in index.php/feed/ """ def fingerprint_wp_version_feed_based(self, wordpress): - r = requests.get(wordpress.url + "index.php/feed", headers={"User-Agent":wordpress.agent}).text + r = requests.get(wordpress.url + "index.php/feed", headers={"User-Agent":wordpress.agent}, verify=False).text regex = re.compile('generator>https://wordpress.org/\?v=(.*?)<\/generator') match = regex.findall(r) if match != []: @@ -207,7 +207,7 @@ class Scan_Engine: http_client = httpclient.AsyncHTTPClient() for plugin in data.keys(): iter_aggressive += 1 - http_client.fetch(wordpress.url+'/wp-content/themes/' + plugin, aggressive_request_themes, method='HEAD') == True + http_client.fetch(wordpress.url+'/wp-content/themes/' + plugin, aggressive_request_themes, method='HEAD', validate_cert=False) == True ioloop.IOLoop.instance().start() @@ -228,7 +228,7 @@ class Scan_Engine: http_client = httpclient.AsyncHTTPClient() for plugin in data.keys(): iter_aggressive += 1 - http_client.fetch(wordpress.url+'/wp-content/plugins/' + plugin, aggressive_request_plugins, method='HEAD') == True + http_client.fetch(wordpress.url+'/wp-content/plugins/' + plugin, aggressive_request_plugins, method='HEAD', validate_cert=False) == True ioloop.IOLoop.instance().start()