readme linting
This commit is contained in:
Christian Mehlmauer
62
README.md
62
README.md
@@ -7,7 +7,7 @@
|
|||||||
|
|
||||||
# INSTALL
|
# INSTALL
|
||||||
|
|
||||||
## Prerequisites:
|
## Prerequisites
|
||||||
|
|
||||||
- (Optional but highly recommended: [RVM](https://rvm.io/rvm/install))
|
- (Optional but highly recommended: [RVM](https://rvm.io/rvm/install))
|
||||||
- Ruby >= 2.3 - Recommended: latest
|
- Ruby >= 2.3 - Recommended: latest
|
||||||
@@ -16,19 +16,19 @@
|
|||||||
- The 7.29 has a segfault
|
- The 7.29 has a segfault
|
||||||
- RubyGems - Recommended: latest
|
- RubyGems - Recommended: latest
|
||||||
|
|
||||||
### From RubyGems (Recommended):
|
### From RubyGems (Recommended)
|
||||||
|
|
||||||
```
|
```shell
|
||||||
gem install wpscan
|
gem install wpscan
|
||||||
```
|
```
|
||||||
|
|
||||||
On MacOSX, if a ```Gem::FilePermissionError``` is raised due to the Apple's System Integrity Protection (SIP), either install RVM and install wpscan again, or run ```sudo gem install -n /usr/local/bin wpscan``` (see [#1286](https://github.com/wpscanteam/wpscan/issues/1286))
|
On MacOSX, if a ```Gem::FilePermissionError``` is raised due to the Apple's System Integrity Protection (SIP), either install RVM and install wpscan again, or run ```sudo gem install -n /usr/local/bin wpscan``` (see [#1286](https://github.com/wpscanteam/wpscan/issues/1286))
|
||||||
|
|
||||||
### From sources (NOT Recommended):
|
### From sources (NOT Recommended)
|
||||||
|
|
||||||
Prerequisites: Git
|
Prerequisites: Git
|
||||||
|
|
||||||
```
|
```shell
|
||||||
git clone https://github.com/wpscanteam/wpscan
|
git clone https://github.com/wpscanteam/wpscan
|
||||||
|
|
||||||
cd wpscan/
|
cd wpscan/
|
||||||
@@ -47,14 +47,17 @@ Updating WPScan itself is either done via ```gem update wpscan``` or the package
|
|||||||
Pull the repo with ```docker pull wpscanteam/wpscan```
|
Pull the repo with ```docker pull wpscanteam/wpscan```
|
||||||
|
|
||||||
Enumerating usernames
|
Enumerating usernames
|
||||||
```
|
|
||||||
|
```shell
|
||||||
docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u
|
docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u
|
||||||
```
|
```
|
||||||
|
|
||||||
Enumerating a range of usernames
|
Enumerating a range of usernames
|
||||||
```
|
|
||||||
|
```shell
|
||||||
docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u1-100
|
docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u1-100
|
||||||
```
|
```
|
||||||
|
|
||||||
** replace u1-100 with a range of your choice.
|
** replace u1-100 with a range of your choice.
|
||||||
|
|
||||||
# Usage
|
# Usage
|
||||||
@@ -68,41 +71,44 @@ The DB is located at ~/.wpscan/db
|
|||||||
|
|
||||||
WPScan can load all options (including the --url) from configuration files, the following locations are checked (order: first to last):
|
WPScan can load all options (including the --url) from configuration files, the following locations are checked (order: first to last):
|
||||||
|
|
||||||
* ~/.wpscan/cli_options.json
|
- ~/.wpscan/cli_options.json
|
||||||
* ~/.wpscan/cli_options.yml
|
- ~/.wpscan/cli_options.yml
|
||||||
* pwd/.wpscan/cli_options.json
|
- pwd/.wpscan/cli_options.json
|
||||||
* pwd/.wpscan/cli_options.yml
|
- pwd/.wpscan/cli_options.yml
|
||||||
|
|
||||||
If those files exist, options from them will be loaded and overridden if found twice.
|
If those files exist, options from them will be loaded and overridden if found twice.
|
||||||
|
|
||||||
e.g:
|
e.g:
|
||||||
|
|
||||||
~/.wpscan/cli_options.yml:
|
~/.wpscan/cli_options.yml:
|
||||||
```
|
|
||||||
|
```yml
|
||||||
proxy: 'http://127.0.0.1:8080'
|
proxy: 'http://127.0.0.1:8080'
|
||||||
verbose: true
|
verbose: true
|
||||||
```
|
```
|
||||||
|
|
||||||
pwd/.wpscan/cli_options.yml:
|
pwd/.wpscan/cli_options.yml:
|
||||||
```
|
|
||||||
|
```yml
|
||||||
proxy: 'socks5://127.0.0.1:9090'
|
proxy: 'socks5://127.0.0.1:9090'
|
||||||
url: 'http://target.tld'
|
url: 'http://target.tld'
|
||||||
```
|
```
|
||||||
|
|
||||||
Running ```wpscan``` in the current directory (pwd), is the same as ```wpscan -v --proxy socks5://127.0.0.1:9090 --url http://target.tld```
|
Running ```wpscan``` in the current directory (pwd), is the same as ```wpscan -v --proxy socks5://127.0.0.1:9090 --url http://target.tld```
|
||||||
|
|
||||||
|
|
||||||
Enumerating usernames
|
Enumerating usernames
|
||||||
```
|
|
||||||
|
```shell
|
||||||
wpscan --url https://target.tld/ --enumerate u
|
wpscan --url https://target.tld/ --enumerate u
|
||||||
```
|
```
|
||||||
|
|
||||||
Enumerating a range of usernames
|
Enumerating a range of usernames
|
||||||
```
|
|
||||||
|
```shell
|
||||||
wpscan --url https://target.tld/ --enumerate u1-100
|
wpscan --url https://target.tld/ --enumerate u1-100
|
||||||
```
|
```
|
||||||
** replace u1-100 with a range of your choice.
|
|
||||||
|
|
||||||
|
** replace u1-100 with a range of your choice.
|
||||||
|
|
||||||
# PROJECT HOME
|
# PROJECT HOME
|
||||||
|
|
||||||
@@ -134,28 +140,30 @@ A commercial use is one intended for commercial advantage or monetary compensati
|
|||||||
|
|
||||||
Example cases of commercialization are:
|
Example cases of commercialization are:
|
||||||
|
|
||||||
- Using WPScan to provide commercial managed/Software-as-a-Service services.
|
- Using WPScan to provide commercial managed/Software-as-a-Service services.
|
||||||
- Distributing WPScan as a commercial product or as part of one.
|
- Distributing WPScan as a commercial product or as part of one.
|
||||||
- Using WPScan as a value added service/product.
|
- Using WPScan as a value added service/product.
|
||||||
|
|
||||||
Example cases which do not require a commercial license, and thus fall under the terms set out below, include (but are not limited to):
|
Example cases which do not require a commercial license, and thus fall under the terms set out below, include (but are not limited to):
|
||||||
|
|
||||||
- Penetration testers (or penetration testing organizations) using WPScan as part of their assessment toolkit.
|
- Penetration testers (or penetration testing organizations) using WPScan as part of their assessment toolkit.
|
||||||
- Penetration Testing Linux Distributions including but not limited to Kali Linux, SamuraiWTF, BackBox Linux.
|
- Penetration Testing Linux Distributions including but not limited to Kali Linux, SamuraiWTF, BackBox Linux.
|
||||||
- Using WPScan to test your own systems.
|
- Using WPScan to test your own systems.
|
||||||
- Any non-commercial use of WPScan.
|
- Any non-commercial use of WPScan.
|
||||||
|
|
||||||
If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - team@wpscan.org.
|
If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - team@wpscan.org.
|
||||||
|
|
||||||
|
We may grant commercial licenses at no monetary cost at our own discretion if the commercial usage is deemed by the WPScan Team to significantly benefit WPScan.
|
||||||
|
|
||||||
Free-use Terms and Conditions;
|
Free-use Terms and Conditions;
|
||||||
|
|
||||||
### 3. Redistribution
|
### 3. Redistribution
|
||||||
|
|
||||||
Redistribution is permitted under the following conditions:
|
Redistribution is permitted under the following conditions:
|
||||||
|
|
||||||
- Unmodified License is provided with WPScan.
|
- Unmodified License is provided with WPScan.
|
||||||
- Unmodified Copyright notices are provided with WPScan.
|
- Unmodified Copyright notices are provided with WPScan.
|
||||||
- Does not conflict with the commercialization clause.
|
- Does not conflict with the commercialization clause.
|
||||||
|
|
||||||
### 4. Copying
|
### 4. Copying
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user