Doc files updated for SOCKS proxy support
This commit is contained in:
Erwan
10
README
10
README
@@ -94,7 +94,7 @@ WPScan comes pre-installed on BackTrack5 R1 in the /pentest/web/wpscan directory
|
||||
|
||||
--wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
|
||||
|
||||
--proxy Supply a proxy in the format host:port (will override the one from conf/browser.conf.json)
|
||||
--proxy Supply a proxy in the format host:port or protocol://host:port (will override the one from conf/browser.conf.json). HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
|
||||
|
||||
--wordlist | -w <wordlist> Supply a wordlist for the password bruter and do the brute.
|
||||
|
||||
@@ -111,19 +111,19 @@ WPScan comes pre-installed on BackTrack5 R1 in the /pentest/web/wpscan directory
|
||||
|
||||
Do 'non-intrusive' checks...
|
||||
|
||||
ruby wpscan.rb --url www.example.com
|
||||
ruby wpscan.rb --url www.example.com
|
||||
|
||||
Do wordlist password brute force on enumerated users using 50 threads...
|
||||
|
||||
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
|
||||
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
|
||||
|
||||
Do wordlist password brute force on the 'admin' username only...
|
||||
|
||||
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
|
||||
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
|
||||
|
||||
Enumerate instaled plugins...
|
||||
|
||||
ruby wpscan.rb --url www.example.com --enumerate p
|
||||
ruby wpscan.rb --url www.example.com --enumerate p
|
||||
|
||||
|
||||
==WPSTOOLS ARGUMENTS==
|
||||
|
||||
@@ -77,7 +77,8 @@ WPScan only supports Ruby => 1.9.
|
||||
|
||||
--wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
|
||||
|
||||
--proxy Supply a proxy in the format host:port (will override the one from conf/browser.conf.json)
|
||||
--proxy Supply a proxy in the format host:port or protocol://host:port (will override the one from conf/browser.conf.json).
|
||||
HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
|
||||
|
||||
--wordlist | -w <wordlist> Supply a wordlist for the password bruter and do the brute.
|
||||
|
||||
|
||||
@@ -6,11 +6,19 @@
|
||||
random : each request will choose a random user agent in available_user_agents
|
||||
*/
|
||||
"user_agent_mode": "static",
|
||||
// Uncomment the next line to use the proxy
|
||||
|
||||
/* Uncomment the "proxy" line to use the proxy
|
||||
SOCKS proxies (4, 4A, 5) are supported, ie : "proxy": "socks5://127.0.0.1:9000"
|
||||
If you do not specify the protocol, http will be used
|
||||
*/
|
||||
//"proxy": "127.0.0.1:3038",
|
||||
|
||||
"cache_timeout": 600, // 10 minutes, at this time the cache is cleaned before each scan. If this value is set to 0, the cache will be disabled
|
||||
|
||||
"request_timeout": 2000, // 2s
|
||||
|
||||
"max_threads": 20,
|
||||
|
||||
// Some user_agents can be found there http://techpatterns.com/downloads/firefox/useragentswitcher.xml (thx to Gianluca Brindisi)
|
||||
"available_user_agents":
|
||||
[
|
||||
|
||||
@@ -21,9 +21,12 @@ def usage()
|
||||
puts "-Enumerate instaled plugins ..."
|
||||
puts "ruby #{script_name} --url www.example.com --enumerate p"
|
||||
puts
|
||||
puts "-Use a proxy ..."
|
||||
puts "-Use a HTTP proxy ..."
|
||||
puts "ruby #{script_name} --url www.example.com --proxy 127.0.0.1:8118"
|
||||
puts
|
||||
puts "-Use a SOCKS5 proxy ..."
|
||||
puts "ruby #{script_name} --url www.example.com --proxy socks5://127.0.0.1:9000"
|
||||
puts
|
||||
puts "-Use custom content directory ..."
|
||||
puts "ruby #{script_name} -u www.example.com --wp-content-dir custom-content"
|
||||
puts
|
||||
@@ -57,7 +60,8 @@ def help()
|
||||
puts "--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not"
|
||||
puts "--wp-content-dir <wp content dir> WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed"
|
||||
puts "--wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed"
|
||||
puts "--proxy Supply a proxy in the format host:port (will override the one from conf/browser.conf.json)"
|
||||
puts "--proxy Supply a proxy in the format host:port or protocol://host:port (will override the one from conf/browser.conf.json)."
|
||||
puts " HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used"
|
||||
puts "--wordlist | -w <wordlist> Supply a wordlist for the password bruter and do the brute."
|
||||
puts "--threads | -t <number of threads> The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)"
|
||||
puts "--username | -U <username> Only brute force the supplied username."
|
||||
|
||||
Reference in New Issue
Block a user