+
__
__ _______ _____
@@ -157,10 +154,10 @@
__
-LICENSE==
+LICENSE==
-WPScan - WordPress Security Scanner Copyright (C) 2011 Ryan Dewhurst AKA
-ethicalhack3r
+WPScan - WordPress Security Scanner Copyright (C) 2011-2012 Ryan Dewhurst
+AKA ethicalhack3r
This program is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
@@ -178,44 +175,58 @@ href="http://www.gnu.org/licenses/">www.gnu.org/licenses/>.
ryandewhurst at gmail
-INSTALL==
+INSTALL==
-WPScan comes pre-installed on BackTrack5 R1 in the /pentest/web/wpscan
-directory. WPScan only supports Ruby => 1.9.
+WPScan comes pre-installed on the following Linux distributions:
--> Installing on Backtrack5 Gnome/KDE 32bit :
+ * BackBox Linux
+ * BackTrack Linux (outdated WPScan installed, update needed)
+ * Pentoo
+ * SamuraiWTF
- sudo apt-get install libcurl4-gnutls-dev libxml2 libxml2-dev libxslt1-dev
- sudo gem install --user-install mime-types typhoeus nokogiri json
+Prerequisites:
--> Installing on Debian/Ubuntu :
+ * Windows not supported
+ * Ruby => 1.9
+ * RubyGems
+ * Git
- sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev
- sudo gem install typhoeus nokogiri json
+-> Installing on Debian/Ubuntu:
--> Installing on other nix : (not tested)
+ sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev
+ git clone https:/%rgithub.com/wpscanteam/wpscan.git
+ cd wpscan
+ sudo gem install bundler && bundle install
- sudo gem install typhoeus nokogiri json
+-> Installing on Fedora:
--> Installing on Windows : (not tested)
+ sudo yum install libcurl-devel
+ git clone https:/%rgithub.com/wpscanteam/wpscan.git
+ cd wpscan
+ sudo gem install bundler && bundle install
- gem install typhoeus ("Windows is not officially supported")
- gem install nokogiri json
+-> Installing on Mac OS X:
--> Installing on Mac OSX :
+ git clone https:/%rgithub.com/wpscanteam/wpscan.git
+ cd wpscan
+ sudo gem install bundler && bundle install
+
- sudo gem install typhoeus nokogiri json
+KNOWN ISSUES==
-KNOWN ISSUES==
+- Typhoeus segmentation fault:
+ Update cURL to version => 7.21 (may have to install from source)
+ See http:/%rcode.google.com/p/wpscan/issues/detail?id=81
-- Typhoeus segmentation fault
- Update curl to at least v7.21 (you may have to install it from sources)
- See http://code.google.com/p/wpscan/issues/detail?id=81
+- If you have one the following errors: "-bash: !t: event not found", "-bash: !u: event not found"
+ It happens with enumeration : just put the 't' or 'u' before the 'p!' : '-e tp!' instead of '-e p!t'
-- If you have one the following errors : "-bash: !t: event not found", "-bash: !u: event not found"
- It happens with enumeration : just put the 't' or 'u' before the 'p!' : '-e tp!' instead of '-e p!t'
+- Proxy not working:
+ Update cURL to version => 7.21.7 (may have to install from source)
+ See https:/%rgithub.com/wpscanteam/wpscan/issues/7
+
-WPSCAN ARGUMENTS==
+WPSCAN ARGUMENTS==
–update Update to the latest revision
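Review bot: The added clone commands in the Debian/Ubuntu, Fedora and Mac OS X blocks read `git clone https:/%rgithub.com/wpscanteam/wpscan.git`, and both added issue links use the same `:/%r` form, whereas the removed line had a well-formed `http://code.google.com/p/wpscan/issues/detail?id=81`. As written these will not resolve when copied, so the separator should be `://` in all five places. The re-added "event not found" entry still recommends '-e tp!' instead of '-e p!t', but this patch renames the enumeration values so that none contains '!' any more; that entry should be rewritten for the new syntax or dropped. 'Ruby => 1.9' and 'version => 7.21' would also read more clearly as '>='.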
@@ -230,12 +241,12 @@ WordPress.
u usernames from id 1 to 10
u[10-20] usernames from id 10 to 20 (you must write [] chars)
p plugins
- p! only vulnerable plugins
- t timthumbs
- T themes
- T! only vulnerable themes
-Multiple values are allowed : '-e tp' will enumerate timthumbs and plugins
-If no option is supplied, the default is 'tup!'
+ vp only vulnerable plugins
+ tt timthumbs
+ t themes
+ vp only vulnerable themes
+Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
+If no option is supplied, the default is 'vt,tt,u,vp'
–config-file | -c <config file> Use the specified config file
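Review bot: The added line `vp only vulnerable themes` reuses `vp`, which three lines earlier is already assigned to "only vulnerable plugins", so the help text now documents one value with two meanings. The new default 'vt,tt,u,vp' indicates the themes entry was meant to be `vt`. The example also switches to a comma-separated form ('-e tt,p') without saying so; "Multiple values are allowed" should state that values are separated by commas.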
@@ -268,7 +279,7 @@ conf/browser.conf.json)
–verbose | -v Verbose output.
-
WPSCAN EXAMPLES==
+
WPSCAN EXAMPLES==
Do ‘non-intrusive’ checks…
@@ -286,48 +297,49 @@ conf/browser.conf.json)
ruby wpscan.rb --url www.example.com --enumerate p
-
WPSTOOLS ARGUMENTS==
+
–help | -h This help screen. –Verbose | -v Verbose output. –update
| -u Update to the latest revision. –generate_plugin_list [number of
pages] Generate a new data/plugins.txt file. (supply number of
-pages to parse, default : 150) –gpl Alias for –generate_plugin_list
+
pages to parse, default : 150) –gpl Alias for
+–generate_plugin_list
-
WPSTOOLS EXAMPLES==
+
-
ruby wpstools.rb –generate_plugin_list 150
+
ruby wpstools.rb –generate_plugin_list 150
-
PROJECT HOME===
+
PROJECT HOME===
www.wpscan.org
-
REPOSITORY===
+
REPOSITORY===
github.com/wpscanteam/wpscan
-
ISSUES===
+
ISSUES===
github.com/wpscanteam/wpscan/issues
-
SPONSOR===
+
WPScan is sponsored by the RandomStorm Open Source Initiative.
Visit RandomStorm at www.randomstorm.com
-
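Review bot: In WPSTOOLS ARGUMENTS the added blank line after "(supply number of" splits the generate_plugin_list description in mid-sentence, so "pages to parse, default : 150)" starts a paragraph of its own. Putting one option per line, as the WPSCAN ARGUMENTS section does, would avoid the rewrapping problem altogether. The wpstools example renders as `ruby wpstools.rb –generate_plugin_list 150` with a single dash character, while the wpscan example at the top of this hunk keeps `--url` and `--enumerate`; the wpstools options and example should be in a literal block so the double hyphen survives. "–Verbose" is also capitalised here but written "–verbose" in the wpscan option list.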