diff --git a/README b/README
index 5a1a6d01..17e0cf68 100644
--- a/README
+++ b/README
@@ -94,7 +94,7 @@ WPScan comes pre-installed on BackTrack5 R1 in the /pentest/web/wpscan directory
 --wp-plugins-dir Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
---proxy Supply a proxy in the format host:port (will override the one from conf/browser.conf.json)
+--proxy Supply a proxy in the format host:port or protocol://host:port (will override the one from conf/browser.conf.json). HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
 --wordlist | -w Supply a wordlist for the password bruter and do the brute.
@@ -111,19 +111,19 @@ WPScan comes pre-installed on BackTrack5 R1 in the /pentest/web/wpscan directory
 Do 'non-intrusive' checks...
-ruby wpscan.rb --url www.example.com
+ ruby wpscan.rb --url www.example.com
 Do wordlist password brute force on enumerated users using 50 threads...
-ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
+ ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
 Do wordlist password brute force on the 'admin' username only...
-ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
+ ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
 Enumerate instaled plugins...
-ruby wpscan.rb --url www.example.com --enumerate p
+ ruby wpscan.rb --url www.example.com --enumerate p
 ==WPSTOOLS ARGUMENTS==
diff --git a/README.md b/README.md
index ace3af06..b224ade8 100644
--- a/README.md
+++ b/README.md
@@ -77,7 +77,8 @@ WPScan only supports Ruby => 1.9.
 --wp-plugins-dir Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
- --proxy Supply a proxy in the format host:port (will override the one from conf/browser.conf.json)
+ --proxy Supply a proxy in the format host:port or protocol://host:port (will override the one from conf/browser.conf.json).
+ HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
 --wordlist | -w Supply a wordlist for the password bruter and do the brute.
diff --git a/conf/browser.conf.json b/conf/browser.conf.json
index 306f131a..8f963617 100644
--- a/conf/browser.conf.json
+++ b/conf/browser.conf.json
@@ -6,11 +6,19 @@ random : each request will choose a random user agent in available_user_agents
 */
 "user_agent_mode": "static",
- // Uncomment the next line to use the proxy
+
+ /* Uncomment the "proxy" line to use the proxy
+ SOCKS proxies (4, 4A, 5) are supported, ie : "proxy": "socks5://127.0.0.1:9000"
+ If you do not specify the protocol, http will be used
+ */
 //"proxy": "127.0.0.1:3038",
+ "cache_timeout": 600, // 10 minutes, at this time the cache is cleaned before each scan. If this value is set to 0, the cache will be disabled
+ "request_timeout": 2000, // 2s
+ "max_threads": 20,
+ // Some user_agents can be found there http://techpatterns.com/downloads/firefox/useragentswitcher.xml (thx to Gianluca Brindisi)
 "available_user_agents": [
diff --git a/lib/wpscan/wpscan_helper.rb b/lib/wpscan/wpscan_helper.rb
index 6303a528..c0b44bdb 100644
--- a/lib/wpscan/wpscan_helper.rb
+++ b/lib/wpscan/wpscan_helper.rb
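Review bot: The new keys in browser.conf.json do not state their units, so `"request_timeout": 2000, // 2s` is the only hint that this value is in milliseconds while `cache_timeout` reads as seconds; I would put the unit on each key, e.g. `"request_timeout": 2000, // in milliseconds (2s)` and `"cache_timeout": 600, // in seconds (10 minutes); ...`. In the new proxy comment `ie :` should read `e.g.`. That comment would also benefit from one sentence saying that a proxy set here is used for every request the scanner sends, and that whether the target hostname is resolved locally or by the proxy depends on the scheme (plain socks4 carries only IPv4 addresses) and on the HTTP library that consumes this file, which this diff does not show.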
@@ -21,9 +21,12 @@ def usage()
 puts "-Enumerate instaled plugins ..."
 puts "ruby #{script_name} --url www.example.com --enumerate p"
 puts
- puts "-Use a proxy ..."
+ puts "-Use a HTTP proxy ..."
 puts "ruby #{script_name} --url www.example.com --proxy 127.0.0.1:8118"
 puts
+ puts "-Use a SOCKS5 proxy ..."
+ puts "ruby #{script_name} --url www.example.com --proxy socks5://127.0.0.1:9000"
+ puts
 puts "-Use custom content directory ..."
 puts "ruby #{script_name} -u www.example.com --wp-content-dir custom-content"
 puts
@@ -57,7 +60,8 @@ def help()
 puts "--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not"
 puts "--wp-content-dir WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed"
 puts "--wp-plugins-dir Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed"
- puts "--proxy Supply a proxy in the format host:port (will override the one from conf/browser.conf.json)"
+ puts "--proxy Supply a proxy in the format host:port or protocol://host:port (will override the one from conf/browser.conf.json)."
+ puts " HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used"
 puts "--wordlist | -w Supply a wordlist for the password bruter and do the brute."
 puts "--threads | -t The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)"
 puts "--username | -U Only brute force the supplied username."
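Review bot: The reworded example title `puts "-Use a HTTP proxy ..."` should read `puts "-Use an HTTP proxy ..."`; the SOCKS5 example added under it is consistent with the new `--proxy` help text. The body of `usage` starts and ends outside this hunk.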
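Review bot: The new continuation line `puts " HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used"` is missing the comma after SOCKS4; the same wording is repeated in the README and README.md hunks of this commit and should be corrected in all three. The line also documents two behaviours, the HTTP fallback for a bare host:port and the override of conf/browser.conf.json, that are implemented by option parsing outside this diff, so the text and that code should be checked against each other before the help is relied on. The body of `help` starts and ends outside this hunk.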