Memory leak while using wpscan #1910

@babariviere

Subject of the issue

When running wpscan, I get big memory usage while scanning a single URL.

Here is the memory profiler report:

Total allocated: 7.38 GB (7302804 objects)
Total retained:  141.14 MB (1519438 objects)

allocated memory by gem
-----------------------------------
   4.34 GB  ethon-0.16.0
   2.40 GB  ffi-1.17.2
 239.07 MB  psych
 239.01 MB  yajl-ruby-1.4.3
  92.97 MB  wpscan-3.8.28
  21.55 MB  addressable-2.8.7
  19.72 MB  typhoeus-1.4.1
   7.14 MB  nokogiri-1.18.7
   6.68 MB  public_suffix-6.0.1
   4.80 MB  ruby-progressbar-1.13.0
   4.78 MB  cms_scanner-0.15.0
   1.49 MB  erb
   1.21 MB  unicode_normalize
 505.10 kB  rubygems
 341.11 kB  optparse

allocated memory by file
-----------------------------------
   4.30 GB  /usr/local/bundle/gems/ethon-0.16.0/lib/ethon/easy/callbacks.rb
   2.39 GB  /usr/local/bundle/gems/ffi-1.17.2/lib/ffi/pointer.rb
 239.01 MB  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb
 125.22 MB  /usr/local/lib/ruby/3.4.0/psych/tree_builder.rb
  66.70 MB  /usr/local/lib/ruby/3.4.0/psych/visitors/to_ruby.rb
  47.83 MB  /usr/local/bundle/gems/wpscan-3.8.28/lib/wpscan/helper.rb
  28.27 MB  /usr/local/lib/ruby/3.4.0/psych/parser.rb
  26.79 MB  /usr/local/bundle/gems/wpscan-3.8.28/lib/wpscan/db/dynamic_finders/plugin.rb
  26.08 MB  /usr/local/bundle/gems/ethon-0.16.0/lib/ethon/easy/operations.rb
  21.48 MB  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb
  18.50 MB  /usr/local/bundle/gems/typhoeus-1.4.1/lib/typhoeus/request.rb
  18.35 MB  /usr/local/lib/ruby/3.4.0/psych/nodes/node.rb
   9.83 MB  /usr/local/bundle/gems/wpscan-3.8.28/lib/wpscan/db/dynamic_finders/base.rb
   7.68 MB  /usr/local/bundle/gems/ffi-1.17.2/lib/ffi/variadic.rb
   5.19 MB  /usr/local/bundle/gems/ethon-0.16.0/lib/ethon/curls/infos.rb

allocated memory by location
-----------------------------------
   4.30 GB  /usr/local/bundle/gems/ethon-0.16.0/lib/ethon/easy/callbacks.rb:26
   2.39 GB  /usr/local/bundle/gems/ffi-1.17.2/lib/ffi/pointer.rb:60
 239.01 MB  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb:44
  89.97 MB  /usr/local/lib/ruby/3.4.0/psych/tree_builder.rb:97
  47.83 MB  /usr/local/bundle/gems/wpscan-3.8.28/lib/wpscan/helper.rb:4
  35.24 MB  /usr/local/lib/ruby/3.4.0/psych/tree_builder.rb:46
  35.19 MB  /usr/local/lib/ruby/3.4.0/psych/visitors/to_ruby.rb:168
  28.27 MB  /usr/local/lib/ruby/3.4.0/psych/parser.rb:62
  26.08 MB  /usr/local/bundle/gems/ethon-0.16.0/lib/ethon/easy/operations.rb:30
  24.82 MB  /usr/local/bundle/gems/wpscan-3.8.28/lib/wpscan/db/dynamic_finders/plugin.rb:29
  18.35 MB  /usr/local/lib/ruby/3.4.0/psych/nodes/node.rb:33
  13.51 MB  /usr/local/lib/ruby/3.4.0/psych/visitors/to_ruby.rb:112
  12.67 MB  /usr/local/bundle/gems/typhoeus-1.4.1/lib/typhoeus/request.rb:204
   9.83 MB  /usr/local/bundle/gems/wpscan-3.8.28/lib/wpscan/db/dynamic_finders/base.rb:15
   8.11 MB  /usr/local/lib/ruby/3.4.0/psych/visitors/to_ruby.rb:344

allocated memory by class
-----------------------------------
   6.98 GB  String
 158.32 MB  Hash
  89.97 MB  Psych::Nodes::Scalar
  59.06 MB  Array
  32.44 MB  Psych::Nodes::Mapping
  27.32 MB  FFI::Pointer
   9.89 MB  Regexp
   5.04 MB  MatchData
   4.02 MB  Nokogiri::HTML4::Document
   3.38 MB  Addressable::URI
   3.10 MB  FFI::MemoryPointer
   2.80 MB  Psych::Nodes::Sequence
   1.05 MB  Thread
 491.20 kB  Integer
 417.64 kB  ProgressBar::Format::String

allocated objects by gem
-----------------------------------
   3501325  yajl-ruby-1.4.3
   2189027  psych
    425318  ethon-0.16.0
    290321  ffi-1.17.2
    255432  addressable-2.8.7
    222701  typhoeus-1.4.1
    179767  wpscan-3.8.28
     85544  public_suffix-6.0.1
     44641  ruby-progressbar-1.13.0
     37107  nokogiri-1.18.7
     21351  erb
     18090  cms_scanner-0.15.0
     14884  unicode_normalize
      7589  rubygems
      3026  other

allocated objects by file
-----------------------------------
   3501324  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb
    782595  /usr/local/lib/ruby/3.4.0/psych/tree_builder.rb
    597960  /usr/local/lib/ruby/3.4.0/psych/visitors/to_ruby.rb
    575238  /usr/local/lib/ruby/3.4.0/psych/parser.rb
    296342  /usr/local/bundle/gems/ethon-0.16.0/lib/ethon/easy/operations.rb
    254791  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb
    220254  /usr/local/lib/ruby/3.4.0/psych/nodes/node.rb
    206231  /usr/local/bundle/gems/typhoeus-1.4.1/lib/typhoeus/request.rb
    164532  /usr/local/bundle/gems/wpscan-3.8.28/lib/wpscan/db/dynamic_finders/plugin.rb
    158512  /usr/local/bundle/gems/ffi-1.17.2/lib/ffi/pointer.rb
    124263  /usr/local/bundle/gems/ffi-1.17.2/lib/ffi/variadic.rb
     58992  /usr/local/bundle/gems/ethon-0.16.0/lib/ethon/curls/infos.rb
     41285  /usr/local/bundle/gems/public_suffix-6.0.1/lib/public_suffix/rule.rb
     40161  /usr/local/bundle/gems/public_suffix-6.0.1/lib/public_suffix/list.rb
     28028  /usr/local/bundle/gems/nokogiri-1.18.7/lib/nokogiri/html4/sax/push_parser.rb

allocated objects by location
-----------------------------------
   3501324  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb:44
    575238  /usr/local/lib/ruby/3.4.0/psych/parser.rb:62
    562341  /usr/local/lib/ruby/3.4.0/psych/tree_builder.rb:97
    296336  /usr/local/bundle/gems/ethon-0.16.0/lib/ethon/easy/operations.rb:30
    220254  /usr/local/lib/ruby/3.4.0/psych/nodes/node.rb:33
    220248  /usr/local/lib/ruby/3.4.0/psych/tree_builder.rb:46
    202740  /usr/local/lib/ruby/3.4.0/psych/visitors/to_ruby.rb:168
    202740  /usr/local/lib/ruby/3.4.0/psych/visitors/to_ruby.rb:344
    155105  /usr/local/bundle/gems/wpscan-3.8.28/lib/wpscan/db/dynamic_finders/plugin.rb:29
    154700  /usr/local/bundle/gems/ffi-1.17.2/lib/ffi/pointer.rb:60
    122066  /usr/local/bundle/gems/typhoeus-1.4.1/lib/typhoeus/request.rb:204
     67367  /usr/local/lib/ruby/3.4.0/psych/visitors/to_ruby.rb:112
     44830  /usr/local/bundle/gems/typhoeus-1.4.1/lib/typhoeus/request.rb:202
     41418  /usr/local/bundle/gems/ffi-1.17.2/lib/ffi/variadic.rb:36
     41418  /usr/local/bundle/gems/ffi-1.17.2/lib/ffi/variadic.rb:37

allocated objects by class
-----------------------------------
   4427613  String
    843952  Hash
    794310  Array
    562341  Psych::Nodes::Scalar
    310403  FFI::Pointer
    202740  Psych::Nodes::Mapping
     30325  FFI::MemoryPointer
     28623  MatchData
     17508  Psych::Nodes::Sequence
     13918  Regexp
     12280  Integer
     10564  Addressable::URI
     10066  PublicSuffix::Rule::Normal
      9808  PublicSuffix::Rule::Entry
      2655  Time

retained memory by gem
-----------------------------------
  78.94 MB  yajl-ruby-1.4.3
  55.73 MB  psych
   1.98 MB  wpscan-3.8.28
   1.34 MB  public_suffix-6.0.1
   1.05 MB  ffi-1.17.2
 755.90 kB  unicode_normalize
 578.24 kB  nokogiri-1.18.7
 532.26 kB  ethon-0.16.0
  91.86 kB  rubygems
  35.82 kB  optparse
  35.28 kB  cms_scanner-0.15.0
  23.68 kB  addressable-2.8.7
  17.22 kB  opt_parse_validator-1.10.1
   7.72 kB  typhoeus-1.4.1
   5.60 kB  time

retained memory by file
-----------------------------------
  78.94 MB  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb
  47.97 MB  /usr/local/lib/ruby/3.4.0/psych/visitors/to_ruby.rb
   7.76 MB  /usr/local/lib/ruby/3.4.0/psych/parser.rb
   1.89 MB  /usr/local/bundle/gems/wpscan-3.8.28/lib/wpscan/db/dynamic_finders/plugin.rb
   1.34 MB  /usr/local/bundle/gems/public_suffix-6.0.1/lib/public_suffix/list.rb
   1.05 MB  /usr/local/bundle/gems/ffi-1.17.2/lib/ffi/variadic.rb
 724.74 kB  /usr/local/lib/ruby/3.4.0/unicode_normalize/tables.rb
 567.36 kB  /usr/local/bundle/gems/nokogiri-1.18.7/lib/nokogiri/html4/document.rb
 330.90 kB  /usr/local/bundle/gems/ethon-0.16.0/lib/ethon/easy/callbacks.rb
 197.80 kB  /usr/local/bundle/gems/ethon-0.16.0/lib/ethon/multi/operations.rb
  91.70 kB  /usr/local/lib/ruby/3.4.0/rubygems/version.rb
  35.82 kB  /usr/local/lib/ruby/3.4.0/optparse.rb
  31.17 kB  /usr/local/lib/ruby/3.4.0/unicode_normalize/normalize.rb
  27.11 kB  /usr/local/bundle/gems/wpscan-3.8.28/lib/wpscan/finders/dynamic_finder/finder.rb
  23.68 kB  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb

retained memory by location
-----------------------------------
  78.94 MB  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb:44
  35.19 MB  /usr/local/lib/ruby/3.4.0/psych/visitors/to_ruby.rb:168
   9.69 MB  /usr/local/lib/ruby/3.4.0/psych/visitors/to_ruby.rb:112
   7.76 MB  /usr/local/lib/ruby/3.4.0/psych/parser.rb:62
   2.04 MB  /usr/local/lib/ruby/3.4.0/psych/visitors/to_ruby.rb:396
   1.43 MB  /usr/local/bundle/gems/wpscan-3.8.28/lib/wpscan/db/dynamic_finders/plugin.rb:55
   1.05 MB  /usr/local/bundle/gems/ffi-1.17.2/lib/ffi/variadic.rb:47
   1.05 MB  /usr/local/lib/ruby/3.4.0/psych/visitors/to_ruby.rb:338
 695.90 kB  /usr/local/lib/ruby/3.4.0/unicode_normalize/tables.rb:0
 567.36 kB  /usr/local/bundle/gems/nokogiri-1.18.7/lib/nokogiri/html4/document.rb:230
 493.36 kB  /usr/local/bundle/gems/public_suffix-6.0.1/lib/public_suffix/list.rb:142
 459.07 kB  /usr/local/bundle/gems/wpscan-3.8.28/lib/wpscan/db/dynamic_finders/plugin.rb:49
 458.91 kB  /usr/local/bundle/gems/public_suffix-6.0.1/lib/public_suffix/list.rb:107
 392.32 kB  /usr/local/bundle/gems/public_suffix-6.0.1/lib/public_suffix/list.rb:243
 328.43 kB  /usr/local/bundle/gems/ethon-0.16.0/lib/ethon/easy/callbacks.rb:26

retained memory by class
-----------------------------------
  66.52 MB  Hash
  54.79 MB  String
   9.32 MB  Regexp
   8.14 MB  Array
   1.05 MB  Thread
 557.83 kB  Nokogiri::HTML4::Document
 392.32 kB  PublicSuffix::Rule::Entry
 197.16 kB  FFI::MemoryPointer
  59.68 kB  Gem::Version
  32.53 kB  Class
   7.68 kB  Addressable::URI
   6.94 kB  Proc
   5.72 kB  Nokogiri::XML::Element
   4.99 kB  WPScan::Model::Plugin
   4.40 kB  Nokogiri::XML::Attr

retained objects by gem
-----------------------------------
   1060070  yajl-ruby-1.4.3
    416167  psych
     19567  public_suffix-6.0.1
     10722  unicode_normalize
      9496  wpscan-3.8.28
      1538  rubygems
       559  optparse
       370  cms_scanner-0.15.0
       305  nokogiri-1.18.7
       210  opt_parse_validator-1.10.1
       202  addressable-2.8.7
        71  typhoeus-1.4.1
        53  ethon-0.16.0
        25  ffi-1.17.2
        21  pathname

retained objects by file
-----------------------------------
   1060069  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb
    267156  /usr/local/lib/ruby/3.4.0/psych/visitors/to_ruby.rb
    149009  /usr/local/lib/ruby/3.4.0/psych/parser.rb
     19562  /usr/local/bundle/gems/public_suffix-6.0.1/lib/public_suffix/list.rb
     10660  /usr/local/lib/ruby/3.4.0/unicode_normalize/tables.rb
      8963  /usr/local/bundle/gems/wpscan-3.8.28/lib/wpscan/db/dynamic_finders/plugin.rb
      1536  /usr/local/lib/ruby/3.4.0/rubygems/version.rb
       559  /usr/local/lib/ruby/3.4.0/optparse.rb
       202  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb
       199  /usr/local/bundle/gems/nokogiri-1.18.7/lib/nokogiri/xml/searchable.rb
       152  /usr/local/bundle/gems/opt_parse_validator-1.10.1/lib/opt_parse_validator/opts/base.rb
       104  /usr/local/bundle/gems/wpscan-3.8.28/app/controllers/enumeration/cli_options.rb
        81  /usr/local/bundle/gems/cms_scanner-0.15.0/lib/cms_scanner/target.rb
        78  /usr/local/bundle/gems/cms_scanner-0.15.0/app/controllers/core/cli_options.rb
        76  /usr/local/bundle/gems/nokogiri-1.18.7/lib/nokogiri/html4/document.rb

retained objects by location
-----------------------------------
   1060069  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb:44
    202740  /usr/local/lib/ruby/3.4.0/psych/visitors/to_ruby.rb:168
    149009  /usr/local/lib/ruby/3.4.0/psych/parser.rb:62
     31057  /usr/local/lib/ruby/3.4.0/psych/visitors/to_ruby.rb:396
     17508  /usr/local/lib/ruby/3.4.0/psych/visitors/to_ruby.rb:338
     15851  /usr/local/lib/ruby/3.4.0/psych/visitors/to_ruby.rb:112
     10657  /usr/local/lib/ruby/3.4.0/unicode_normalize/tables.rb:0
      9808  /usr/local/bundle/gems/public_suffix-6.0.1/lib/public_suffix/list.rb:243
      9752  /usr/local/bundle/gems/public_suffix-6.0.1/lib/public_suffix/list.rb:142
      8933  /usr/local/bundle/gems/wpscan-3.8.28/lib/wpscan/db/dynamic_finders/plugin.rb:55
       757  /usr/local/lib/ruby/3.4.0/rubygems/version.rb:419
       753  /usr/local/lib/ruby/3.4.0/rubygems/version.rb:206
       204  /usr/local/lib/ruby/3.4.0/optparse.rb:1464
       197  /usr/local/bundle/gems/nokogiri-1.18.7/lib/nokogiri/xml/searchable.rb:270
        79  /usr/local/bundle/gems/cms_scanner-0.15.0/lib/cms_scanner/target.rb:116

retained objects by class
-----------------------------------
   1100558  String
    354726  Hash
     39893  Array
     12888  Regexp
      9808  PublicSuffix::Rule::Entry
       746  Gem::Version
       143  Nokogiri::XML::Element
       110  Nokogiri::XML::Attr
        82  Proc
        53  OptionParser::Switch::RequiredArgument
        44  Symbol
        31  Class
        25  Nokogiri::XML::Comment
        24  Addressable::URI
        23  Nokogiri::XML::SyntaxError


Allocated String Report
-----------------------------------
    418250  "popular"
    418248  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb:44
         2  /usr/local/bundle/gems/activesupport-8.0.2/lib/active_support/inflector/methods.rb:146

    418248  "last_updated"
    418248  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb:44

    418248  "latest_version"
    418248  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb:44

     93132  "path"
     93075  /usr/local/lib/ruby/3.4.0/psych/parser.rb:62
        54  /usr/local/bundle/gems/wpscan-3.8.28/lib/wpscan/finders/dynamic_finder/finder.rb:37
         3  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb:44

     79710  "Readme"
     79710  /usr/local/lib/ruby/3.4.0/psych/parser.rb:62

     70653  "readme.txt"
     70644  /usr/local/lib/ruby/3.4.0/psych/parser.rb:62
         3  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:136
         3  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:2348
         1  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:428
         1  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:431
         1  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb:44

     35239  "1.0"
     35236  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb:44
         2  /usr/local/bundle/gems/wpscan-3.8.28/app/finders/theme_version/style.rb:36
         1  /usr/local/bundle/gems/wpscan-3.8.28/app/finders/plugin_version/readme.rb:62

     33039  "i"
     32520  /usr/local/lib/ruby/3.4.0/psych/visitors/to_ruby.rb:103
       412  /usr/local/bundle/gems/public_suffix-6.0.1/lib/public_suffix/rule.rb:327
        36  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:1572
        36  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:2491
        22  /usr/local/bundle/gems/activesupport-8.0.2/lib/active_support/inflector/methods.rb:193
        12  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:1936
         1  /usr/local/bundle/gems/wpscan-3.8.28/lib/wpscan/target/platform/wordpress/custom_directories.rb:131

     32380  "https"
     15314  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:1858
      7657  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:923
      7657  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:927
       426  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:903
       259  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:136
       213  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:428
       213  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:431
       213  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:486
       213  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:584
       213  /usr/local/lib/ruby/3.4.0/unicode_normalize/normalize.rb:126
         2  /usr/local/bundle/gems/opt_parse_validator-1.10.1/lib/opt_parse_validator/opts/uri.rb:32

     31606  "version"
     31599  /usr/local/lib/ruby/3.4.0/psych/parser.rb:62
         2  /usr/local/bundle/gems/opt_parse_validator-1.10.1/lib/opt_parse_validator/opts/base.rb:110
         2  <internal:symbol>:12
         1  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb:44
         1  /usr/local/lib/ruby/3.4.0/optparse.rb:1536
         1  /usr/local/lib/ruby/3.4.0/optparse.rb:1543

     11518  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:1285
      7656  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:1236
      5759  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:1287
       648  /usr/local/bundle/gems/public_suffix-6.0.1/lib/public_suffix/rule.rb:202
       432  /usr/local/bundle/gems/public_suffix-6.0.1/lib/public_suffix.rb:165
       432  /usr/local/bundle/gems/public_suffix-6.0.1/lib/public_suffix/list.rb:214
       430  /usr/local/bundle/gems/public_suffix-6.0.1/lib/public_suffix/domain.rb:106
       426  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:1132
       426  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:486
       426  /usr/local/lib/ruby/3.4.0/unicode_normalize/normalize.rb:130
       258  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:136
       258  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:155
       258  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:157
       213  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/idna/pure.rb:69
       213  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/idna/pure.rb:73
       213  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:1130
       213  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:1255
       213  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:428
       213  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:431
       213  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:584
       213  /usr/local/lib/ruby/3.4.0/unicode_normalize/normalize.rb:126

     29871  "true"
     29871  /usr/local/lib/ruby/3.4.0/psych/parser.rb:62

     24306  "1.0.0"
     24306  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb:44

     23985  "vulnerabilities"
     23985  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb:44

     22835  ""
      3984  /usr/local/bundle/gems/ruby-progressbar-1.13.0/lib/ruby-progressbar/format/formatter.rb:8
      3253  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:2457
      3253  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:2458
      3030  /usr/local/lib/ruby/3.4.0/psych/visitors/to_ruby.rb:103
      2031  /usr/local/bundle/gems/public_suffix-6.0.1/lib/public_suffix/list.rb:75
       771  /usr/local/bundle/gems/typhoeus-1.4.1/lib/typhoeus/request.rb:215
       718  /usr/local/bundle/gems/ethon-0.16.0/lib/ethon/easy/callbacks.rb:26
       664  /usr/local/bundle/gems/ruby-progressbar-1.13.0/lib/ruby-progressbar/format/formatter.rb:11
       664  /usr/local/bundle/gems/ruby-progressbar-1.13.0/lib/ruby-progressbar/format/formatter.rb:19
       664  /usr/local/bundle/gems/ruby-progressbar-1.13.0/lib/ruby-progressbar/format/string.rb:10
       541  /usr/local/lib/ruby/3.4.0/erb/compiler.rb:367
       509  /usr/local/lib/ruby/3.4.0/erb/compiler.rb:255
       422  /usr/local/lib/ruby/3.4.0/erb/compiler.rb:306
       307  /usr/local/lib/ruby/3.4.0/erb/compiler.rb:354
       224  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:1544
       224  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:428
       224  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:431
       224  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:486
       224  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:584
       224  /usr/local/lib/ruby/3.4.0/unicode_normalize/normalize.rb:126
       176  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb:44
        66  (erb):1
        66  /usr/local/lib/ruby/3.4.0/pathname.rb:51
        50  /usr/local/bundle/gems/nokogiri-1.18.7/lib/nokogiri/html4/sax/push_parser.rb:24
        48  /usr/local/lib/ruby/3.4.0/erb/compiler.rb:262
        41  /usr/local/lib/ruby/3.4.0/pathname.rb:55
        36  /usr/local/bundle/gems/wpscan-3.8.28/app/finders/wp_items/urls_in_page.rb:38
        34  /usr/local/bundle/gems/wpscan-3.8.28/app/finders/plugins/javascript_var.rb:19
        26  /usr/local/bundle/gems/activesupport-8.0.2/lib/active_support/inflector/methods.rb:146
        25  /usr/local/bundle/gems/activesupport-8.0.2/lib/active_support/inflector/methods.rb:103
        21  /usr/local/bundle/gems/ruby-progressbar-1.13.0/lib/ruby-progressbar/components/bar.rb:78
        17  /usr/local/lib/ruby/3.4.0/erb/compiler.rb:322
        14  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:136
        14  /usr/local/bundle/gems/wpscan-3.8.28/app/finders/wp_items/urls_in_page.rb:68
        14  /usr/local/lib/ruby/3.4.0/erb/compiler.rb:257
        10  /usr/local/bundle/gems/wpscan-3.8.28/app/finders/main_theme/css_style_in_homepage.rb:33
         7  /usr/local/lib/ruby/3.4.0/unicode_normalize/tables.rb:0
         4  /usr/local/bundle/gems/addressable-2.8.7/lib/addressable/uri.rb:1629
         3  /usr/local/lib/ruby/3.4.0/rubygems/version.rb:235
         2  /usr/local/bundle/gems/ethon-0.16.0/lib/ethon/easy/callbacks.rb:27
         2  /usr/local/bundle/gems/ruby-progressbar-1.13.0/lib/ruby-progressbar/components/bar.rb:82
         1  /usr/local/bundle/gems/cms_scanner-0.15.0/app/finders/interesting_findings/fantastico_fileslist.rb:13
         1  /usr/local/bundle/gems/opt_parse_validator-1.10.1/lib/opt_parse_validator/opts/multi_choices.rb:32
         1  /usr/local/lib/ruby/3.4.0/unicode_normalize/tables.rb:223
         1  /usr/local/lib/ruby/3.4.0/unicode_normalize/tables.rb:628


Retained String Report
-----------------------------------
     70644  "readme.txt"
     70644  /usr/local/lib/ruby/3.4.0/psych/parser.rb:62

     11745  "1.0"
     11744  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb:44
         1  /usr/local/bundle/gems/wpscan-3.8.28/app/finders/theme_version/style.rb:36

     11589  "BodyPattern"
     11589  /usr/local/lib/ruby/3.4.0/psych/parser.rb:62

      8102  "1.0.0"
      8102  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb:44

      7782  "README.txt"
      7782  /usr/local/lib/ruby/3.4.0/psych/parser.rb:62

      4670  "1.0.1"
      4670  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb:44

      4334  "1.1"
      4334  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb:44

      3269  "1.0.2"
      3269  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb:44

      2688  "1.2"
      2688  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb:44

      2226  "1.0.3"
      2226  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb:44

      2118  "0.1"
      2118  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb:44

      2115  "changelog.txt"
      2115  /usr/local/lib/ruby/3.4.0/psych/parser.rb:62

      2088  "README.md"
      2088  /usr/local/lib/ruby/3.4.0/psych/parser.rb:62

      1779  "1.1.0"
      1779  /usr/local/bundle/gems/yajl-ruby-1.4.3/lib/yajl.rb:44

      1744  "ConfigParser"
      1743  /usr/local/lib/ruby/3.4.0/psych/parser.rb:62
         1  /usr/local/lib/ruby/3.4.0/psych/visitors/to_ruby.rb:396

At the end of the scan, I get this:

[+] Finished: Wed Apr 16 12:44:56 2025
[+] Requests Done: 767
[+] Cached Requests: 0
[+] Data Sent: 292.479 KB
[+] Data Received: 2.222 GB
[+] Memory used: 5.977 GB
[+] Elapsed time: 00:03:14

I suppose this happens with websites that can serve big static files like executables?

This is possibly related to typhoeus/ethon#142.
Maybe it could be a good idea to find alternative libraries for HTTP requests?

Your environment

  • Version of WPScan: 3.8.28
  • Version of Ruby: 3.4.2
  • Operating System (OS): Ubuntu 24.04

Steps to reproduce

wpscan --url <target> --random-user-agent --ignore-main-redirect --disable-tls-checks --no-update --throttle 50 --connect-timeout 15 --request-timeout 30 -e ap,vt,u -t 5

Expected behavior

The memory should not spike to 6GB for the whole duration of the scan.

Actual behavior

The memory has a big spike.

What have you already tried

Things you have tried (where relevant):

  • Update WPScan to the latest version [ ]
  • Update Ruby to the latest version [ ]
  • Ensure you can reach the target site using cURL [X]
  • Proxied WPScan through an HTTP proxy to view the raw traffic [ ]
  • Ensure you are using a supported Operating System (Linux and macOS) [X]
