WPScan files

README

@@ -0,0 +1,166 @@
+__________________________________________________
+ __          _______   _____
+ \ \        / /  __ \ / ____|
+  \ \  /\  / /| |__) | (___   ___  __ _ _ __
+   \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
+    \  /\  /  | |     ____) | (__| (_| | | | |
+     \/  \/   |_|    |_____/ \___|\__,_|_| |_|
+
+WordPress Security Scanner by ethicalhack3r.co.uk
+__________________________________________________
+
+*THE MOST UP TO DATE README FILE CAN BE FOUND HERE*
+
+http://code.google.com/p/wpscan/wiki/README
+
+==LICENSE==
+
+WPScan - WordPress Security Scanner
+Copyright (C) 2011  Ryan Dewhurst AKA ethicalhack3r
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+ryandewhurst at gmail
+
+
+==INSTALL==
+
+WPScan comes pre-installed on BackTrack5 R1 in the /pentest/web/wpscan directory. WPScan only supports Ruby => 1.9.
+
+  -> Installing on Backtrack5 Gnome/KDE 32bit :
+
+    sudo apt-get install libcurl4-gnutls-dev
+    sudo gem install --user-install mime-types typhoeus nokogiri json
+
+
+  -> Installing on Debian/Ubuntu :
+
+    sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby
+    sudo gem install typhoeus nokogiri json
+
+
+  -> Installing on other nix : (not tested)
+
+    sudo gem install typhoeus nokogiri json
+
+
+  -> Installing on Windows : (not tested)
+
+    gem install typhoeus ("Windows is not officially supported")
+    gem install nokogiri json
+
+
+  -> Installing on Mac OSX :
+
+    sudo gem install typhoeus nokogiri json
+
+
+==KNOWN ISSUES==
+
+  - Typhoeus segmentation fault
+      Update curl to at least v7.21 (you may have to install it from sources)
+      See http://code.google.com/p/wpscan/issues/detail?id=81
+
+  - If you have one the following errors : "-bash: !t: event not found", "-bash: !u: event not found"
+      It happens whith enumeration : just put the 't' or 'u' before the 'p!' : '-e tp!' instead of '-e p!t'
+
+
+==WPSCAN ARGUMENTS==
+
+--update   Update to the latest revision
+
+--url   | -u <target url>  The WordPress URL/domain to scan.
+
+--force | -f Forces WPScan to not check if the remote site is running WordPress.
+
+--enumerate | -e [option(s)]  Enumeration.
+ option :
+   u        usernames from id 1 to 10
+   u[10-20] usernames from id 10 to 20 (you must write [] chars)
+   p        plugins
+   p!       only vulnerable plugins
+   t        timthumbs
+ Multiple values are allowed : '-e tp' will enumerate timthumbs and plugins
+ If no option is supplied, the default is 'tup!'
+
+--follow-redirection  If the target url has a redirection, it will be followed without asking if you wanted to do so or not
+
+--wp-content-dir <wp content dir>  WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed
+
+--wp-plugins-dir <wp plugins dir>  Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
+
+--proxy  Supply a proxy in the format host:port (will override the one from conf/browser.conf.json)
+
+--wordlist | -w <wordlist>  Supply a wordlist for the password bruter and do the brute.
+
+--threads  | -t <number of threads>  The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)
+
+--username | -U <username>  Only brute force the supplied username.
+
+--help     | -h This help screen.
+
+--verbose  | -v Verbose output.
+
+
+==WPSCAN EXAMPLES==
+
+Do 'non-intrusive' checks...
+
+ruby wpscan.rb --url www.example.com
+
+Do wordlist password brute force on enumerated users using 50 threads...
+
+ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
+
+Do wordlist password brute force on the 'admin' username only...
+
+ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
+
+Enumerate instaled plugins...
+
+ruby wpscan.rb --url www.example.com --enumerate p
+
+
+==WPSTOOLS ARGUMENTS==
+
+--help    | -h   This help screen.
+--Verbose | -v   Verbose output.
+--update  | -u   Update to the latest revision.
+--generate_plugin_list [number of pages]  Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
+--gpl  Alias for --generate_plugin_list
+
+
+==WPSTOOLS EXAMPLES==
+
+- Generate a new 'most popular' plugin list, up to 150 pages ...
+ruby wpstools.rb --generate_plugin_list 150
+
+
+===PROJECT HOME===
+
+http://code.google.com/p/wpscan/
+
+===SUBVERSION REPOSITORY===
+
+svn checkout http://wpscan.googlecode.com/svn/trunk/ wpscan-read-only
+
+===ISSUES===
+
+http://code.google.com/p/wpscan/issues/list
+
+===SPONSOR===
+
+WPScan is sponsored by the RandomStorm Open Source Initiative.
+
+Visit RandomStorm at http://www.randomstorm.com