garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Docs

Browse Source
This commit is contained in:
Christian Mehlmauer
2013-01-09 23:05:48 +01:00
parent 4062e4dfbc
commit 5f0b96f3e9
61 changed files with 436 additions and 2488 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
doc/README.html
View File

@@ -193,23 +193,23 @@ href="http://www.gnu.org/licenses/">www.gnu.org/licenses/</a>&gt;.</p>
<span class="ruby-operator">-</span><span class="ruby-operator">&gt;</span> <span class="ruby-constant">Installing</span> <span class="ruby-identifier">on</span> <span class="ruby-constant">Debian</span><span class="ruby-operator">/</span><span class="ruby-constant">Ubuntu</span><span class="ruby-operator">:</span>
<span class="ruby-identifier">sudo</span> <span class="ruby-identifier">apt</span><span class="ruby-operator">-</span><span class="ruby-identifier">get</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">libcurl4</span><span class="ruby-operator">-</span><span class="ruby-identifier">gnutls</span><span class="ruby-operator">-</span><span class="ruby-identifier">dev</span> <span class="ruby-identifier">libopenssl</span><span class="ruby-operator">-</span><span class="ruby-identifier">ruby</span> <span class="ruby-identifier">libxml2</span> <span class="ruby-identifier">libxml2</span><span class="ruby-operator">-</span><span class="ruby-identifier">dev</span> <span class="ruby-identifier">libxslt1</span><span class="ruby-operator">-</span><span class="ruby-identifier">dev</span>
<span class="ruby-identifier">sudo</span> <span class="ruby-identifier">apt</span><span class="ruby-operator">-</span><span class="ruby-identifier">get</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">libcurl4</span><span class="ruby-operator">-</span><span class="ruby-identifier">gnutls</span><span class="ruby-operator">-</span><span class="ruby-identifier">dev</span> <span class="ruby-identifier">libopenssl</span><span class="ruby-operator">-</span><span class="ruby-identifier">ruby</span> <span class="ruby-identifier">libxml2</span> <span class="ruby-identifier">libxml2</span><span class="ruby-operator">-</span><span class="ruby-identifier">dev</span> <span class="ruby-identifier">libxslt1</span><span class="ruby-operator">-</span><span class="ruby-identifier">dev</span> <span class="ruby-identifier">ruby</span><span class="ruby-operator">-</span><span class="ruby-identifier">dev</span>
<span class="ruby-identifier">git</span> <span class="ruby-identifier">clone</span> <span class="ruby-identifier">https</span>:<span class="ruby-operator">/</span><span class="ruby-regexp">%rgithub.com/</span><span class="ruby-identifier">wpscanteam</span><span class="ruby-operator">/</span><span class="ruby-identifier">wpscan</span>.<span class="ruby-identifier">git</span>
<span class="ruby-identifier">cd</span> <span class="ruby-identifier">wpscan</span>
<span class="ruby-identifier">sudo</span> <span class="ruby-identifier">gem</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">bundler</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">bundle</span> <span class="ruby-identifier">install</span>
<span class="ruby-identifier">sudo</span> <span class="ruby-identifier">gem</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">bundler</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">bundle</span> <span class="ruby-identifier">install</span> <span class="ruby-operator">-</span><span class="ruby-operator">-</span><span class="ruby-identifier">without</span> <span class="ruby-identifier">test</span> <span class="ruby-identifier">development</span>
<span class="ruby-operator">-</span><span class="ruby-operator">&gt;</span> <span class="ruby-constant">Installing</span> <span class="ruby-identifier">on</span> <span class="ruby-constant">Fedora</span><span class="ruby-operator">:</span>
<span class="ruby-identifier">sudo</span> <span class="ruby-identifier">yum</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">libcurl</span><span class="ruby-operator">-</span><span class="ruby-identifier">devel</span>
<span class="ruby-identifier">git</span> <span class="ruby-identifier">clone</span> <span class="ruby-identifier">https</span>:<span class="ruby-operator">/</span><span class="ruby-regexp">%rgithub.com/</span><span class="ruby-identifier">wpscanteam</span><span class="ruby-operator">/</span><span class="ruby-identifier">wpscan</span>.<span class="ruby-identifier">git</span>
<span class="ruby-identifier">cd</span> <span class="ruby-identifier">wpscan</span>
<span class="ruby-identifier">sudo</span> <span class="ruby-identifier">gem</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">bundler</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">bundle</span> <span class="ruby-identifier">install</span>
<span class="ruby-identifier">sudo</span> <span class="ruby-identifier">gem</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">bundler</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">bundle</span> <span class="ruby-identifier">install</span> <span class="ruby-operator">-</span><span class="ruby-operator">-</span><span class="ruby-identifier">without</span> <span class="ruby-identifier">test</span> <span class="ruby-identifier">development</span>
<span class="ruby-operator">-</span><span class="ruby-operator">&gt;</span> <span class="ruby-constant">Installing</span> <span class="ruby-identifier">on</span> <span class="ruby-constant">Mac</span> <span class="ruby-constant">OS</span> <span class="ruby-constant">X</span><span class="ruby-operator">:</span>
<span class="ruby-identifier">git</span> <span class="ruby-identifier">clone</span> <span class="ruby-identifier">https</span>:<span class="ruby-operator">/</span><span class="ruby-regexp">%rgithub.com/</span><span class="ruby-identifier">wpscanteam</span><span class="ruby-operator">/</span><span class="ruby-identifier">wpscan</span>.<span class="ruby-identifier">git</span>
<span class="ruby-identifier">cd</span> <span class="ruby-identifier">wpscan</span>
<span class="ruby-identifier">sudo</span> <span class="ruby-identifier">gem</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">bundler</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">bundle</span> <span class="ruby-identifier">install</span>
<span class="ruby-identifier">sudo</span> <span class="ruby-identifier">gem</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">bundler</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">bundle</span> <span class="ruby-identifier">install</span> <span class="ruby-operator">-</span><span class="ruby-operator">-</span><span class="ruby-identifier">without</span> <span class="ruby-identifier">test</span> <span class="ruby-identifier">development</span>
</pre>
<h2 id="label-KNOWN+ISSUES%3D%3D">KNOWN ISSUES==</h2>
@@ -286,13 +286,15 @@ specified it. Subdirectories are allowed</p>
for the plugins directory. If not supplied, WPScan will use
wp-content-dir/plugins. Subdirectories are allowed</p>
<p>proxy Supply a proxy in the format host:port or protocol://host:port
(will override the one from conf/browser.conf.json). HTTP, SOCKS4 SOCKS4A
and SOCKS5 are supported. If no protocol is given (format host:port), HTTP
will be used</p>
<p>proxy &lt;[protocol://]host:port&gt; Supply a proxy (will override the
one from conf/browser.conf.json).</p>
<p>proxy-auth Supply the proxy login credentials in the format
username:password (will override the one from conf/browser.conf.json).</p>
<pre>HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used</pre>
<p>proxy-auth &lt;username:password&gt; Supply the proxy login credentials
(will override the one from conf/browser.conf.json).</p>
<p>basic-auth &lt;username:password&gt; Set the HTTP Basic authentification</p>
<p>wordlist | -w &lt;wordlist&gt; Supply a wordlist for the password bruter
and do the brute.</p>
@@ -331,7 +333,9 @@ conf/browser.conf.json)</p>
| -u Update to the latest revision. generate_plugin_list [number of
pages] Generate a new data/plugins.txt file. (supply number of
<strong>pages</strong> to parse, default : 150) gpl Alias for
generate_plugin_list</p>
generate_plugin_list check-local-vulnerable-files | clvf &lt;local
directory&gt; Perform a recursive scan in the &lt;local directory&gt; to
find vulnerable files or shells</p>
<h2 id="label-WPSTOOLS+EXAMPLES%3D%3D">WPSTOOLS EXAMPLES==</h2>
<ul><li>
@@ -339,6 +343,11 @@ pages] Generate a new data/plugins.txt file. (supply number of
</li></ul>
<p>ruby wpstools.rb generate_plugin_list 150</p>
<ul><li>
<p>Locally scan a wordpress installation for vulnerable files or shells :</p>
</li></ul>
<p>ruby wpstools.rb check-local-vulnerable-files /var/www/wordpress/</p>
<h3 id="label-PROJECT+HOME%3D%3D%3D">PROJECT HOME===</h3>