wpscan: [ERROR] Install missing ruby gem.LoadError: no such file to load — nokogiri

It is possible to receive an error after updating wpscan via “svn up” complaining about the nokogiri gem. This might be confusing because likely you already have the nokogiri gem installed on Backtrack Linux however it is likely a simple path issue. To resolve you can issue the below gem install –user-install command as shown in the below example.

wpscan Error After Updating To Revision 247:

root@bt:/pentest/web/wpscan# ./wpscan.rb -h
[ERROR] Install missing ruby gem. Please see README file or http://code.google.com/p/wpscan/
#<LoadError: no such file to load -- nokogiri>
root@bt:/pentest/web/wpscan#

Fixing the issue is easy by issuing the below gem install command.

Install nokogiri Ruby Gem With –user-install Switch:

root@bt:/pentest/web/wpscan# gem install --user-install nokogiri
WARNING:  You don't have /root/.gem/ruby/1.9.2/bin in your PATH,
	  gem executables will not run.
Building native extensions.  This could take a while...
Successfully installed nokogiri-1.5.2
1 gem installed
Installing ri documentation for nokogiri-1.5.2...
Installing RDoc documentation for nokogiri-1.5.2...
root@bt:/pentest/web/wpscan#

As you can see below after issuing the above command you are now able to execute the wpscan.rb command without issue.

The wpscan.rb Help Output:

root@bt:/pentest/web/wpscan# ./wpscan.rb -h
____________________________________________________
 __          _______   _____
          / /  __  / ____|
     /  / /| |__) | (___   ___  __ _ _ __
    /  / / |  ___/ ___  / __|/ _` | '_ 
      /  /  | |     ____) | (__| (_| | | | |
     /  /   |_|    |_____/ ___|__,_|_| |_| v1.1

  WordPress Security Scanner by ethicalhack3r.co.uk
 Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________

Help:

--url       The WordPress URL/domain to scan.
--enumerate     Enumeration.
u       users
v       version
p       plugins
t       timthumb
--wordlist      Supply a wordlist for the password bruter and do the brute.
--threads     The number of threads to use when multi-threading requests.
--username      Only brute force the supplied username.
--generate_plugin_list    Generate a new data/plugins.txt file. (supply number of *pages* to parse)
--force       Forces WPScan to not check if the remote site is running WordPress.
-h        This help screen.
-v        Verbose output.
--proxy       Supply a proxy in the format host:port
--update      Update to the latest SVN revision.

root@bt:/pentest/web/wpscan#

Happy WordPress scanning…

See larger image WordPress 3 Ultimate Security (Paperback) By (author) Olly Connelly List Price: $49.99 USD New From: $44.99 In Stock Used from: $44.18 In Stock

See larger image WordPress Security: Protection from Hackers and Crackers (Kindle Edition) By (author) Lambert Klein Release date April 12, 2012.

This entry was posted on Tuesday, April 10th, 2012 at 1:05 AM and is filed under Errors. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.