From 6da2da90f7bbaff111ed690aca6cf6960740251b Mon Sep 17 00:00:00 2001 From: ethicalhack3r Date: Wed, 11 Jul 2012 22:39:27 +0200 Subject: [PATCH] Initial README file --- README.md | 138 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 135 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 113dbd57..e7c547b0 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,136 @@ -wpscan -====== +![alt text](http://dvwa.co.uk/images/wpscan_logo_407x80.png "WPScan - WordPress Security Scanner") -WPScan is a black box WordPress vulnerability scanner. \ No newline at end of file +#### LICENSE + +WPScan - WordPress Security Scanner +Copyright (C), 2011-2012 Ryan Dewhurst AKA ethicalhack3r + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program. If not, see . + +ryandewhurst at gmail + +#### INSTALL + +WPScan comes pre-installed on the following Linux distributions: + +- [BackTrack Linux](http://www.backtrack-linux.org/) since version 5 R1 in the /pentest/web/wpscan/ directory. +- [SamuraiWTF](http://samurai.inguardians.com/) +- [BackBox Linux](http://www.backbox.org/) + +WPScan only supports Ruby => 1.9. + +*Installing on Debian/Ubuntu:* + +```sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby``` + +``` sudo gem install typhoeus nokogiri json``` + +*Installing on other nix:* (not tested) + +```sudo gem install typhoeus nokogiri json``` + +*Installing on Mac OSX:* + +```sudo gem install typhoeus nokogiri json``` + +#### KNOWN ISSUES + + - Typhoeus segmentation fault + Update curl to at least v7.21 (you may have to install it from sources) + See http://code.google.com/p/wpscan/issues/detail?id=81 + + - If you have one the following errors : "-bash: !t: event not found", "-bash: !u: event not found" + It happens whith enumeration : just put the 't' or 'u' before the 'p!' : '-e tp!' instead of '-e p!t' + +#### WPSCAN ARGUMENTS + + --url | -u The WordPress URL/domain to scan. + + --force | -f Forces WPScan to not check if the remote site is running WordPress. + + --enumerate | -e [option(s)] Enumeration. + option : + u usernames from id 1 to 10 + u[10-20] usernames from id 10 to 20 (you must write [] chars) + p plugins + p! only vulnerable plugins + t timthumbs + Multiple values are allowed : '-e tp' will enumerate timthumbs and plugins + If no option is supplied, the default is 'upt' + + --follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not + + --proxy Supply a proxy in the format host:port (will override the one from conf/browser.conf.json) + + --wordlist | -w Supply a wordlist for the password bruter and do the brute. + + --threads | -t The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json) + + --username | -U Only brute force the supplied username. + + --help | -h This help screen. + + --verbose | -v Verbose output. + +#### WPSCAN EXAMPLES + +Do 'non-intrusive' checks... + +```ruby wpscan.rb --url www.example.com``` + +Do wordlist password brute force on enumerated users using 50 threads... + +```ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50``` + +Do wordlist password brute force on the 'admin' username only... + +```ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin``` + +Enumerate instaled plugins... + +```ruby wpscan.rb --url www.example.com --enumerate p``` + +Run all enumeration tools... + +```ruby wpscan.rb --url www.example.com --enumerate``` + +#### WPSTOOLS ARGUMENTS + + --help | -h This help screen. + --Verbose | -v Verbose output. + --update | -u Update to the latest revision. + --generate_plugin_list [number of pages] Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150) + --gpl Alias for --generate_plugin_list + +#### WPSTOOLS EXAMPLES + +Generate a new 'most popular' plugin list, up to 150 pages... + +```ruby wpstools.rb --generate_plugin_list 150``` + +#### PROJECT HOME + +www.wpscan.org + +#### GIT REPOSITORY + +https://github.com/wpscanteam/ + +#### ISSUES + +https://github.com/wpscanteam/testpage/issues + +#### SPONSOR + +WPScan is sponsored by the [RandomStorm](http://www.randomstorm.com) Open Source Initiative.