• Home »
  • Errors »
  • wpscan: [ERROR] Install missing ruby gem.LoadError: no such file to load — nokogiri

wpscan: [ERROR] Install missing ruby gem.LoadError: no such file to load — nokogiri

It is possible to receive an error after updating wpscan via “svn up” complaining about the nokogiri gem. This might be confusing because likely you already have the nokogiri gem installed on Backtrack Linux however it is likely a simple path issue. To resolve you can issue the below gem install –user-install command as shown in the below example.

wpscan Error After Updating To Revision 247:

root@bt:/pentest/web/wpscan# ./wpscan.rb -h
[ERROR] Install missing ruby gem. Please see README file or http://code.google.com/p/wpscan/
#<LoadError: no such file to load -- nokogiri>

Fixing the issue is easy by issuing the below gem install command.

Install nokogiri Ruby Gem With –user-install Switch:

root@bt:/pentest/web/wpscan# gem install --user-install nokogiri
WARNING:  You don't have /root/.gem/ruby/1.9.2/bin in your PATH,
	  gem executables will not run.
Building native extensions.  This could take a while...
Successfully installed nokogiri-1.5.2
1 gem installed
Installing ri documentation for nokogiri-1.5.2...
Installing RDoc documentation for nokogiri-1.5.2...

As you can see below after issuing the above command you are now able to execute the wpscan.rb command without issue.

The wpscan.rb Help Output:

root@bt:/pentest/web/wpscan# ./wpscan.rb -h
 __          _______   _____
          / /  __  / ____|
     /  / /| |__) | (___   ___  __ _ _ __
    /  / / |  ___/ ___  / __|/ _` | '_ 
      /  /  | |     ____) | (__| (_| | | | |
     /  /   |_|    |_____/ ___|__,_|_| |_| v1.1

  WordPress Security Scanner by ethicalhack3r.co.uk
 Sponsored by the RandomStorm Open Source Initiative


--url       The WordPress URL/domain to scan.
--enumerate     Enumeration.
u       users
v       version
p       plugins
t       timthumb
--wordlist      Supply a wordlist for the password bruter and do the brute.
--threads     The number of threads to use when multi-threading requests.
--username      Only brute force the supplied username.
--generate_plugin_list    Generate a new data/plugins.txt file. (supply number of *pages* to parse)
--force       Forces WPScan to not check if the remote site is running WordPress.
-h        This help screen.
-v        Verbose output.
--proxy       Supply a proxy in the format host:port
--update      Update to the latest SVN revision.


Happy WordPress scanning…

WordPress 3 Ultimate Security (Paperback)

List Price: $49.99
New From: $51.10 USD In Stock
Used from: $45.19 USD In Stock

WordPress Security: Protection from Hackers and Crackers (Kindle Edition)

List Price: Click For Price
Kindle Edition: Check Amazon for Pricing Digital Only