garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Updated documentation

Browse Source
This commit is contained in:
Christian Mehlmauer
2013-04-30 23:06:37 +02:00
parent dca987b64b
commit a38c709d74
371 changed files with 88362 additions and 38796 deletions
Download Patch File Download Diff File Expand all files Collapse all files

315
doc_yard/file.README.html Normal file
View File

@@ -0,0 +1,315 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII" />
<title>
File: README
&mdash; Documentation by YARD 0.8.6.1
</title>
<link rel="stylesheet" href="css/style.css" type="text/css" charset="utf-8" />
<link rel="stylesheet" href="css/common.css" type="text/css" charset="utf-8" />
<script type="text/javascript" charset="utf-8">
hasFrames = window.top.frames.main ? true : false;
relpath = '';
framesUrl = "frames.html#!" + escape(window.location.href);
</script>
<script type="text/javascript" charset="utf-8" src="js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="js/app.js"></script>
</head>
<body>
<div id="header">
<div id="menu">
<a href="_index.html">Index</a> &raquo;
<span class="title">File: README</span>
<div class="noframes"><span class="title">(</span><a href="." target="_top">no frames</a><span class="title">)</span></div>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="class_list.html">
Class List
</a>
<a class="full_list_link" id="method_list_link"
href="method_list.html">
Method List
</a>
<a class="full_list_link" id="file_list_link"
href="file_list.html">
File List
</a>
</div>
<div class="clear"></div>
</div>
<iframe id="search_frame"></iframe>
<div id="content"><div id='filecontents'>
<p><em>__</em></p>
<pre class="code ruby"><code class="ruby">__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|</code></pre>
<p><em>__</em></p>
<h2>LICENSE==</h2>
<p>WPScan - WordPress Security Scanner Copyright (C) 2011-2013 The WPScan Team</p>
<p>This program is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation, either version 3 of the License, or (at your option)
any later version.</p>
<p>This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
more details.</p>
<p>You should have received a copy of the GNU General Public License along
with this program. If not, see &lt;<a
href="http://www.gnu.org/licenses">www.gnu.org/licenses</a>/&gt;.</p>
<p>ryandewhurst at gmail</p>
<h2>INSTALL==</h2>
<pre class="code ruby"><code class="ruby">WPScan comes pre-installed on the following Linux distributions:
* BackBox Linux
* BackTrack Linux (outdated WPScan installed, update needed)
* Pentoo
* SamuraiWTF
Prerequisites:
* Windows not supported
* Ruby =&gt; 1.9
* RubyGems
* Git
-&gt; Installing on Debian/Ubuntu:
sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler &amp;&amp; bundle install --without test development
-&gt; Installing on Fedora:
sudo yum install libcurl-devel
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler &amp;&amp; bundle install --without test development
-&gt; Installing on Archlinux:
pacman -Sy ruby
pacman -Sy libyaml
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler &amp;&amp; bundle install --without test development
gem install typhoeus
gem install nokogiri
-&gt; Installing on Mac OS X:
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler &amp;&amp; bundle install --without test development</code></pre>
<h2>KNOWN ISSUES==</h2>
<pre class="code ruby"><code class="ruby">- Typhoeus segmentation fault:
Update cURL to version =&gt; 7.21 (may have to install from source)
See http://code.google.com/p/wpscan/issues/detail?id=81
- Proxy not working:
Update cURL to version =&gt; 7.21.7 (may have to install from source).
Installation from sources :
- Grab the sources from http://curl.haxx.se/download.html
- Decompress the archive
- Open the folder with the extracted files
- Run ./configure
- Run make
- Run sudo make install
- Run sudo ldconfig
- cannot load such file -- readline:
Run sudo aptitude install libreadline5-dev libncurses5-dev
Then, open the directory of the readline gem (you have to locate it)
cd ~/.rvm/src/ruby-1.9.2-p180/ext/readline
ruby extconf.rb
make
make install
See http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/ for more details
- no such file to load -- rubygems
Run update-alternatives --config ruby
And select your ruby version
See https://github.com/wpscanteam/wpscan/issues/148</code></pre>
<h2>WPSCAN ARGUMENTS==</h2>
<p>--update Update to the latest revision</p>
<p>--url | -u &lt;target url&gt; The WordPress URL/domain to scan.</p>
<p>--force | -f Forces WPScan to not check if the remote site is running
WordPress.</p>
<p>--enumerate | -e [option(s)] Enumeration.</p>
<pre class="code ruby"><code class="ruby">option :
u usernames from id 1 to 10
u[10-20] usernames from id 10 to 20 (you must write [] chars)
p plugins
vp only vulnerable plugins
ap all plugins (can take a long time)
tt timthumbs
t themes
vp only vulnerable themes
at all themes (can take a long time)
Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
If no option is supplied, the default is 'vt,tt,u,vp'</code></pre>
<p>--exclude-content-based '&lt;regexp or string&gt;' Used with the
enumeration option, will exclude all occurrences based on the regexp or
string supplied</p>
<pre class="code ruby"><code class="ruby">You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)</code></pre>
<p>--config-file | -c &lt;config file&gt; Use the specified config file</p>
<p>--follow-redirection If the target url has a redirection, it will be
followed without asking if you wanted to do so or not</p>
<p>--wp-content-dir &lt;wp content dir&gt; WPScan try to find the content
directory (ie wp-content) by scanning the index page, however you can
specified it. Subdirectories are allowed</p>
<p>--wp-plugins-dir &lt;wp plugins dir&gt; Same thing than --wp-content-dir
but for the plugins directory. If not supplied, WPScan will use
wp-content-dir/plugins. Subdirectories are allowed</p>
<p>--proxy &lt;[protocol://]host:port&gt; Supply a proxy (will override the
one from conf/browser.conf.json).</p>
<pre class="code ruby"><code class="ruby">HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used</code></pre>
<p>--proxy-auth &lt;username:password&gt; Supply the proxy login credentials
(will override the one from conf/browser.conf.json).</p>
<p>--basic-auth &lt;username:password&gt; Set the HTTP Basic authentication</p>
<p>--wordlist | -w &lt;wordlist&gt; Supply a wordlist for the password bruter
and do the brute.</p>
<p>--threads | -t &lt;number of threads&gt; The number of threads to use
when multi-threading requests. (will override the value from
conf/browser.conf.json)</p>
<p>--username | -U &lt;username&gt; Only brute force the supplied username.</p>
<p>--help | -h This help screen.</p>
<p>--verbose | -v Verbose output.</p>
<h2>WPSCAN EXAMPLES==</h2>
<p>Do 'non-intrusive' checks...</p>
<pre class="code ruby"><code class="ruby">ruby wpscan.rb --url www.example.com</code></pre>
<p>Do wordlist password brute force on enumerated users using 50 threads...</p>
<pre class="code ruby"><code class="ruby">ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50</code></pre>
<p>Do wordlist password brute force on the 'admin' username only...</p>
<pre class="code ruby"><code class="ruby">ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin</code></pre>
<p>Enumerate installed plugins...</p>
<pre class="code ruby"><code class="ruby">ruby wpscan.rb --url www.example.com --enumerate p</code></pre>
<h2>WPSTOOLS ARGUMENTS==</h2>
<p>--help | -h This help screen. --Verbose | -v Verbose output.
--update | -u Update to the latest revision. --generate_plugin_list
[number of pages] Generate a new data/plugins.txt file. (supply number of
<b>pages</b> to parse, default : 150) --gpl Alias for
--generate_plugin_list --check-local-vulnerable-files | --clvf &lt;local
directory&gt; Perform a recursive scan in the &lt;local directory&gt; to
find vulnerable files or shells</p>
<h2>WPSTOOLS EXAMPLES==</h2>
<ul><li>
<p>Generate a new 'most popular' plugin list, up to 150 pages ...</p>
</li></ul>
<p>ruby wpstools.rb --generate_plugin_list 150</p>
<ul><li>
<p>Locally scan a wordpress installation for vulnerable files or shells :</p>
</li></ul>
<p>ruby wpstools.rb --check-local-vulnerable-files /var/www/wordpress/</p>
<h3>PROJECT HOME===</h3>
<p><a href="http://www.wpscan.org">www.wpscan.org</a></p>
<h3>REPOSITORY===</h3>
<p><a
href="https://github.com/wpscanteam/wpscan">github.com/wpscanteam/wpscan</a></p>
<h3>ISSUES===</h3>
<p><a
href="https://github.com/wpscanteam/wpscan/issues">github.com/wpscanteam/wpscan/issues</a></p>
<h3>SPONSOR===</h3>
<p>WPScan is sponsored by the RandomStorm Open Source Initiative.</p>
<p>Visit RandomStorm at <a
href="http://www.randomstorm.com">www.randomstorm.com</a></p>
</div></div>
<div id="footer">
Generated on Tue Apr 30 23:05:04 2013 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.8.6.1 (ruby-1.9.3).
</div>
</body>
</html>