diff --git a/Dockerfile b/Dockerfile index 0fd881a9..20c6e020 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,20 +1,19 @@ -FROM ruby:2.4-slim +FROM ruby:2.4-alpine MAINTAINER WPScan Team -ARG BUNDLER_ARGS="--system --jobs=8 --without test" +ARG BUNDLER_ARGS="--jobs=8 --without test" -RUN DEBIAN_FRONTEND=noninteractive && \ - rm -rf /var/lib/apt/lists/* && \ - apt-get update && \ - apt-get --no-install-recommends -qq -y install curl git ca-certificates openssl libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev build-essential procps - -RUN useradd -d /wpscan wpscan +RUN adduser -h /wpscan -g WPScan -D wpscan RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc -RUN mkdir /wpscan COPY Gemfile /wpscan -WORKDIR /wpscan -RUN bundle install $BUNDLER_ARGS + +# runtime dependecies +RUN apk add --no-cache libcurl procps && \ + # build dependecies + apk add --no-cache --virtual build-deps libcurl ruby-dev libffi-dev make gcc musl-dev zlib-dev procps && \ + bundle install --system --gemfile=/wpscan/Gemfile $BUNDLER_ARGS && \ + apk del --no-cache build-deps COPY . /wpscan RUN chown -R wpscan:wpscan /wpscan diff --git a/README.md b/README.md index 7fd84a0d..41198dc7 100644 --- a/README.md +++ b/README.md 
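Review bot: `COPY Gemfile /wpscan` now depends on `adduser -h /wpscan` having created the directory, because this change removes both `RUN mkdir /wpscan` and `WORKDIR /wpscan`. Without a trailing slash, Docker would write a file named `/wpscan` if the directory were ever missing, and `--gemfile=/wpscan/Gemfile` would then fail; `COPY Gemfile /wpscan/` makes the intent explicit. In the `apk add --no-cache --virtual build-deps` list, `libcurl` and `procps` repeat the runtime packages installed on the line before and can be dropped from it. Only the Gemfile is copied before `bundle install`, so gem versions are presumably resolved at build time; if the repository tracks a `Gemfile.lock`, copying it as well would pin what ends up in the image.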
@@ -97,6 +97,35 @@ WPScan comes pre-installed on the following Linux distributions: Windows is not supported +We suggest you use our official Docker image from https://hub.docker.com/r/wpscanteam/wpscan/ to avoid installation problems. + +# DOCKER +Pull the repo with `docker pull wpscanteam/wpscan` + +## Start WPScan + +``` +docker run -it --rm wpscanteam/wpscan -u https://yourblog.com [options] +``` + +For the available Options, please see https://github.com/wpscanteam/wpscan#wpscan-arguments + +If you run the git version of wpscan we included some binstubs in ./bin for easier start of wpscan. + +## Examples + +Mount a local wordlist to the docker container and start a bruteforce attack for user admin + +``` +docker run -it --rm -v ~/wordlists:/wordlists wpscanteam/wpscan --url https://yourblog.com --wordlist /wordlists/crackstation.txt --username admin +``` + +(This mounts the host directory `~/wordlists` to the container in the path `/wordlists`) + +Published on https://hub.docker.com/r/wpscanteam/wpscan/ + +# Manual install + ## Prerequisites - Ruby >= 2.1.9 - Recommended: 2.4.0 @@ -125,7 +154,7 @@ Windows is not supported Apple Xcode, Command Line Tools and the libffi are needed (to be able to install the FFI gem), See [http://stackoverflow.com/questions/17775115/cant-setup-ruby-environment-installing-fii-gem-error](http://stackoverflow.com/questions/17775115/cant-setup-ruby-environment-installing-fii-gem-error) -## Installing with RVM (recommended) +## Installing with RVM (recommended when doing a manual install) If you are using GNOME Terminal, there are some steps required before executing the commands. See here for more information: https://rvm.io/integration/gnome-terminal#integrating-rvm-with-gnome-terminal 
@@ -150,29 +179,6 @@ https://rvm.io/integration/gnome-terminal#integrating-rvm-with-gnome-terminal cd wpscan sudo gem install bundler && bundle install --without test -# DOCKER -Pull the repo with `docker pull wpscanteam/wpscan` - -## Start WPScan - -``` -docker run --rm wpscanteam/wpscan -u https://yourblog.com [options] -``` - -For the available Options, please see https://github.com/wpscanteam/wpscan#wpscan-arguments - -## Examples - -Mount a local wordlist to the docker container and start a bruteforce attack for user admin - -``` -docker run --rm -v ~/wordlists:/wordlists wpscanteam/wpscan --url https://yourblog.com --wordlist /wordlists/crackstation.txt --username admin -``` - -(This mounts the host directory `~/wordlists` to the container in the path `/wordlists`) - -Published on https://hub.docker.com/r/wpscanteam/wpscan/ - # KNOWN ISSUES - Typhoeus segmentation fault diff --git a/bin/wpscan b/bin/wpscan index 852b4b4d..59a68c5c 100755 --- a/bin/wpscan +++ b/bin/wpscan @@ -10,5 +10,5 @@ DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" cd $DIR/../ docker build -q -t wpscan:git . -docker run --rm wpscan:git "$@" +docker run -it --rm wpscan:git "$@" diff --git a/bin/wpscan-dev b/bin/wpscan-dev index f9a5e810..4da39084 100755 --- a/bin/wpscan-dev +++ b/bin/wpscan-dev @@ -12,5 +12,5 @@ cd $DIR/../ if [[ -n "$WPSCAN_BUILD" ]]; then docker build -q -t wpscan:git . fi -docker run --rm -v $DIR/../:/wpscan wpscan:git "$@" +docker run -it --rm -v $DIR/../:/wpscan wpscan:git "$@"
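Review bot: Passing `-t` unconditionally in `docker run -it --rm wpscan:git "$@"` makes the wrapper fail when stdin is not a terminal (cron, CI, piped input), because docker refuses to allocate a TTY there. A guard such as `[ -t 0 ] && TTY_FLAGS=-it` followed by `docker run $TTY_FLAGS --rm wpscan:git "$@"` keeps interactive prompts working without breaking scripted use. The `docker run -it` line in bin/wpscan-dev has the same issue.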
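Review bot: `$DIR` is unquoted in `-v $DIR/../:/wpscan`, so a checkout path containing spaces is split into separate arguments and the bind mount will not point at the intended directory; quote it as `-v "$DIR/../:/wpscan"`. The mount is read-write, which lets the container modify the host working tree. That is presumably intended for a development wrapper, but a short comment above the line saying so would help the next reader.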