garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixes #464 - Readmes updated to reflect recent changes about the config file & batch mode

Browse Source
This commit is contained in:
erwanlr
2014-04-30 16:59:17 +02:00
parent ea57290792
commit a00f0d8367
4 changed files with 69 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
README
View File

@@ -132,15 +132,15 @@ ryandewhurst at gmail
ap all plugins (can take a long time) ap all plugins (can take a long time)
tt timthumbs tt timthumbs
t themes t themes
vp only vulnerable themes vt only vulnerable themes
at all themes (can take a long time) at all themes (can take a long time)
Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins Multiple values are allowed : "-e tt,p" will enumerate timthumbs and plugins
If no option is supplied, the default is 'vt,tt,u,vp' If no option is supplied, the default is "vt,tt,u,vp"
--exclude-content-based '<regexp or string>' Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied --exclude-content-based "<regexp or string>" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied
You do not need to provide the regexp delimiters, but you must write the quotes (simple or double) You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
--config-file | -c <config file> Use the specified config file --config-file | -c <config file> Use the specified config file, see the example.conf.json
--user-agent | -a <User-Agent> Use the specified User-Agent --user-agent | -a <User-Agent> Use the specified User-Agent
@@ -152,31 +152,34 @@ ryandewhurst at gmail
--wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed --wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
--proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json). --proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json).
HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
--proxy-auth <username:password> Supply the proxy login credentials (will override the one from conf/browser.conf.json). --proxy-auth <username:password> Supply the proxy login credentials.
--basic-auth <username:password> Set the HTTP Basic authentication --basic-auth <username:password> Set the HTTP Basic authentication.
--wordlist | -w <wordlist> Supply a wordlist for the password bruter and do the brute. --wordlist | -w <wordlist> Supply a wordlist for the password bruter and do the brute.
--threads | -t <number of threads> The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json) --threads | -t <number of threads> The number of threads to use when multi-threading requests.
--username | -U <username> Only brute force the supplied username. --username | -U <username> Only brute force the supplied username.
--cache-ttl <cache-ttl> Typhoeus cache TTL --cache-ttl <cache-ttl> Typhoeus cache TTL.
--request-timeout <request-timeout> Request Timeout --request-timeout <request-timeout> Request Timeout.
--connect-timeout <connect-timeout> Connect Timeout --connect-timeout <connect-timeout> Connect Timeout.
--max-threads <max-threads> Maximum Threads --max-threads <max-threads> Maximum Threads.
--help | -h This help screen. --help | -h This help screen.
--verbose | -v Verbose output. --verbose | -v Verbose output.
--batch Never ask for user input, use the default behaviour.
==WPSCAN EXAMPLES== ==WPSCAN EXAMPLES==
Do 'non-intrusive' checks... Do 'non-intrusive' checks...
@@ -213,17 +216,21 @@ Debug output...
==WPSTOOLS ARGUMENTS== ==WPSTOOLS ARGUMENTS==
--help | -h This help screen. -v, --verbose Verbose output
--Verbose | -v Verbose output. --check-vuln-ref-urls, --cvru Check all the vulnerabilities reference urls for 404
--update | -u Update to the latest revision. --check-local-vulnerable-files, --clvf LOCAL_DIRECTORY Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells
--generate_plugin_list [number of pages] Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150) --generate-plugin-list, --gpl [NUMBER_OF_PAGES] Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
--gpl Alias for --generate_plugin_list --generate-full-plugin-list, --gfpl Generate a new full data/plugins.txt file
--check-local-vulnerable-files | --clvf <local directory> Perform a recursive scan in the <local directory> to find vulnerable files or shells --generate-theme-list, --gtl [NUMBER_OF_PAGES] Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 20)
--generate-full-theme-list, --gftl Generate a new full data/themes.txt file
--generate-all, --ga Generate a new full plugins, full themes, popular plugins and popular themes list
-s, --stats Show WpScan Database statistics
--spellcheck, --sc Check all files for common spelling mistakes.
==WPSTOOLS EXAMPLES== ==WPSTOOLS EXAMPLES==
- Generate a new 'most popular' plugin list, up to 150 pages ... - Generate a new 'most popular' plugin list, up to 150 pages ...
ruby wpstools.rb --generate_plugin_list 150 ruby wpstools.rb --generate-plugin-list 150
- Locally scan a wordpress installation for vulnerable files or shells : - Locally scan a wordpress installation for vulnerable files or shells :
ruby wpstools.rb --check-local-vulnerable-files /var/www/wordpress/ ruby wpstools.rb --check-local-vulnerable-files /var/www/wordpress/

52
README.md
View File

@@ -131,7 +131,7 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
#### WPSCAN ARGUMENTS #### WPSCAN ARGUMENTS
--update Update to the latest revision --update Update to the latest revision
--url | -u <target url> The WordPress URL/domain to scan. --url | -u <target url> The WordPress URL/domain to scan.
@@ -148,13 +148,13 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
t themes t themes
vt only vulnerable themes vt only vulnerable themes
at all themes (can take a long time) at all themes (can take a long time)
Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins Multiple values are allowed : "-e tt,p" will enumerate timthumbs and plugins
If no option is supplied, the default is 'vt,tt,u,vp' If no option is supplied, the default is "vt,tt,u,vp"
--exclude-content-based '<regexp or string>' Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied --exclude-content-based "<regexp or string>" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied
You do not need to provide the regexp delimiters, but you must write the quotes (simple or double) You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
--config-file | -c <config file> Use the specified config file --config-file | -c <config file> Use the specified config file, see the example.conf.json
--user-agent | -a <User-Agent> Use the specified User-Agent --user-agent | -a <User-Agent> Use the specified User-Agent
@@ -166,31 +166,34 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
--wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed --wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
--proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json). --proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json).
HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
--proxy-auth <username:password> Supply the proxy login credentials (will override the one from conf/browser.conf.json). --proxy-auth <username:password> Supply the proxy login credentials.
--basic-auth <username:password> Set the HTTP Basic authentication --basic-auth <username:password> Set the HTTP Basic authentication.
--wordlist | -w <wordlist> Supply a wordlist for the password bruter and do the brute. --wordlist | -w <wordlist> Supply a wordlist for the password bruter and do the brute.
--threads | -t <number of threads> The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json) --threads | -t <number of threads> The number of threads to use when multi-threading requests.
--username | -U <username> Only brute force the supplied username. --username | -U <username> Only brute force the supplied username.
--cache-ttl <cache-ttl> Typhoeus cache TTL --cache-ttl <cache-ttl> Typhoeus cache TTL.
--request-timeout <request-timeout> Request Timeout --request-timeout <request-timeout> Request Timeout.
--connect-timeout <connect-timeout> Connect Timeout --connect-timeout <connect-timeout> Connect Timeout.
--max-threads <max-threads> Maximum Threads --max-threads <max-threads> Maximum Threads.
--help | -h This help screen. --help | -h This help screen.
--verbose | -v Verbose output. --verbose | -v Verbose output.
--batch Never ask for user input, use the default behaviour.
#### WPSCAN EXAMPLES #### WPSCAN EXAMPLES
Do 'non-intrusive' checks... Do 'non-intrusive' checks...
@@ -227,18 +230,23 @@ Debug output...
#### WPSTOOLS ARGUMENTS #### WPSTOOLS ARGUMENTS
--help | -h This help screen. -v, --verbose Verbose output
--Verbose | -v Verbose output. --check-vuln-ref-urls, --cvru Check all the vulnerabilities reference urls for 404
--update | -u Update to the latest revision. --check-local-vulnerable-files, --clvf LOCAL_DIRECTORY Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells
--generate_plugin_list [number of pages] Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150) --generate-plugin-list, --gpl [NUMBER_OF_PAGES] Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
--gpl Alias for --generate_plugin_list --generate-full-plugin-list, --gfpl Generate a new full data/plugins.txt file
--check-local-vulnerable-files | --clvf <local directory> Perform a recursive scan in the <local directory> to find vulnerable files or shells --generate-theme-list, --gtl [NUMBER_OF_PAGES] Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 20)
--generate-full-theme-list, --gftl Generate a new full data/themes.txt file
--generate-all, --ga Generate a new full plugins, full themes, popular plugins and popular themes list
-s, --stats Show WpScan Database statistics.
--spellcheck, --sc Check all files for common spelling mistakes.
#### WPSTOOLS EXAMPLES #### WPSTOOLS EXAMPLES
Generate a new 'most popular' plugin list, up to 150 pages... Generate a new 'most popular' plugin list, up to 150 pages...
```ruby wpstools.rb --generate_plugin_list 150``` ```ruby wpstools.rb --generate-plugin-list 150```
Locally scan a wordpress installation for vulnerable files or shells : Locally scan a wordpress installation for vulnerable files or shells :
```ruby wpstools.rb --check-local-vulnerable-files /var/www/wordpress/``` ```ruby wpstools.rb --check-local-vulnerable-files /var/www/wordpress/```

19
lib/wpscan/wpscan_helper.rb
View File

@@ -60,8 +60,7 @@ end
def help def help
puts 'Help :' puts 'Help :'
puts puts
puts 'Some values are settable in conf/browser.conf.json :' puts 'Some values are settable in a config file, see the example.conf.json'
puts ' user-agent, proxy, proxy-auth, threads, cache timeout and request timeout'
puts puts
puts '--update Update to the latest revision' puts '--update Update to the latest revision'
puts '--url | -u <target url> The WordPress URL/domain to scan.' puts '--url | -u <target url> The WordPress URL/domain to scan.'
@@ -82,23 +81,23 @@ def help
puts puts
puts '--exclude-content-based "<regexp or string>" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied' puts '--exclude-content-based "<regexp or string>" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied'
puts ' You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)' puts ' You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)'
puts '--config-file | -c <config file> Use the specified config file' puts '--config-file | -c <config file> Use the specified config file, see the example.conf.json'
puts '--user-agent | -a <User-Agent> Use the specified User-Agent' puts '--user-agent | -a <User-Agent> Use the specified User-Agent'
puts '--random-agent | -r Use a random User-Agent' puts '--random-agent | -r Use a random User-Agent'
puts '--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not' puts '--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not'
puts '--wp-content-dir <wp content dir> WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed' puts '--wp-content-dir <wp content dir> WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed'
puts '--wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed' puts '--wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed'
puts '--proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json).' puts '--proxy <[protocol://]host:port> Supply a proxy.'
puts ' HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used' puts ' HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used'
puts '--proxy-auth <username:password> Supply the proxy login credentials (will override the one from conf/browser.conf.json).' puts '--proxy-auth <username:password> Supply the proxy login credentials.'
puts '--basic-auth <username:password> Set the HTTP Basic authentication' puts '--basic-auth <username:password> Set the HTTP Basic authentication'
puts '--wordlist | -w <wordlist> Supply a wordlist for the password bruter and do the brute.' puts '--wordlist | -w <wordlist> Supply a wordlist for the password bruter and do the brute.'
puts '--threads | -t <number of threads> The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)' puts '--threads | -t <number of threads> The number of threads to use when multi-threading requests.'
puts '--username | -U <username> Only brute force the supplied username.' puts '--username | -U <username> Only brute force the supplied username.'
puts '--cache-ttl <cache-ttl> Typhoeus cache TTL' puts '--cache-ttl <cache-ttl> Typhoeus cache TTL.'
puts '--request-timeout <request-timeout> Request Timeout' puts '--request-timeout <request-timeout> Request Timeout.'
puts '--connect-timeout <connect-timeout> Connect Timeout' puts '--connect-timeout <connect-timeout> Connect Timeout.'
puts '--max-threads <max-threads> Maximum Threads' puts '--max-threads <max-threads> Maximum Threads.'
puts '--help | -h This help screen.' puts '--help | -h This help screen.'
puts '--verbose | -v Verbose output.' puts '--verbose | -v Verbose output.'
puts '--batch Never ask for user input, use the default behaviour.' puts '--batch Never ask for user input, use the default behaviour.'

2
lib/wpstools/plugins/stats/stats_plugin.rb
View File

@@ -6,7 +6,7 @@ class StatsPlugin < Plugin
super(author: 'WPScanTeam - Christian Mehlmauer') super(author: 'WPScanTeam - Christian Mehlmauer')
register_options( register_options(
['--stats', '--s', 'Show WpScan Database statistics'] ['--stats', '-s', 'Show WpScan Database statistics.']
) )
end end