Create gh-pages branch via GitHub

Gianluca Brindisi
2012-07-11 14:56:52 -07:00
commit c7c3a9ec08
5 changed files with 520 additions and 0 deletions

178
index.html Normal file

@@ -0,0 +1,178 @@
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="chrome=1">
<title>Wpscan by wpscanteam</title>
<link rel="stylesheet" href="stylesheets/styles.css">
<link rel="stylesheet" href="stylesheets/pygment_trac.css">
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
<!--[if lt IE 9]>
<script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
</head>
<body>
<div class="wrapper">
<header>
<h1>Wpscan</h1>
<p>WPScan is a black box WordPress vulnerability scanner.</p>
<p class="view"><a href="https://github.com/wpscanteam/wpscan">View the Project on GitHub <small>wpscanteam/wpscan</small></a></p>
<ul>
<li><a href="https://github.com/wpscanteam/wpscan/zipball/master">Download <strong>ZIP File</strong></a></li>
<li><a href="https://github.com/wpscanteam/wpscan/tarball/master">Download <strong>TAR Ball</strong></a></li>
<li><a href="https://github.com/wpscanteam/wpscan">View On <strong>GitHub</strong></a></li>
</ul>
</header>
<section>
<p><img src="http://dvwa.co.uk/images/wpscan_logo_407x80.png" alt="alt text" title="WPScan - WordPress Security Scanner"></p>
<h4>LICENSE</h4>
<p>WPScan - WordPress Security Scanner
Copyright (C), 2011-2012 Ryan Dewhurst AKA ethicalhack3r</p>
<p>This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.</p>
<p>This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.</p>
<p>You should have received a copy of the GNU General Public License
along with this program. If not, see <a href="http://www.gnu.org/licenses/">http://www.gnu.org/licenses/</a>.</p>
<p>ryandewhurst at gmail</p>
<h4>INSTALL</h4>
<p>WPScan comes pre-installed on the following Linux distributions:</p>
<ul>
<li>
<a href="http://www.backtrack-linux.org/">BackTrack Linux</a> since version 5 R1 in the /pentest/web/wpscan/ directory. </li>
<li><a href="http://samurai.inguardians.com/">SamuraiWTF</a></li>
<li><a href="http://www.backbox.org/">BackBox Linux</a></li>
</ul><p>WPScan only supports Ruby =&gt; 1.9.</p>
<p><em>Installing on Debian/Ubuntu:</em></p>
<p><code>sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby</code></p>
<p><code>sudo gem install typhoeus nokogiri json</code></p>
<p><em>Installing on other nix:</em> (not tested)</p>
<p><code>sudo gem install typhoeus nokogiri json</code></p>
<p><em>Installing on Mac OSX:</em></p>
<p><code>sudo gem install typhoeus nokogiri json</code></p>
<h4>KNOWN ISSUES</h4>
<ul>
<li><p>Typhoeus segmentation fault
Update curl to at least v7.21 (you may have to install it from sources)
See <a href="http://code.google.com/p/wpscan/issues/detail?id=81">http://code.google.com/p/wpscan/issues/detail?id=81</a></p></li>
<li><p>If you have one the following errors : "-bash: !t: event not found", "-bash: !u: event not found"
It happens whith enumeration : just put the 't' or 'u' before the 'p!' : '-e tp!' instead of '-e p!t'</p></li>
</ul><h4>WPSCAN ARGUMENTS</h4>
<pre><code>--url | -u &lt;target url&gt; The WordPress URL/domain to scan.
--force | -f Forces WPScan to not check if the remote site is running WordPress.
--enumerate | -e [option(s)] Enumeration.
option :
u usernames from id 1 to 10
u[10-20] usernames from id 10 to 20 (you must write [] chars)
p plugins
p! only vulnerable plugins
t timthumbs
Multiple values are allowed : '-e tp' will enumerate timthumbs and plugins
If no option is supplied, the default is 'upt'
--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not
--proxy Supply a proxy in the format host:port (will override the one from conf/browser.conf.json)
--wordlist | -w &lt;wordlist&gt; Supply a wordlist for the password bruter and do the brute.
--threads | -t &lt;number of threads&gt; The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)
--username | -U &lt;username&gt; Only brute force the supplied username.
--help | -h This help screen.
--verbose | -v Verbose output.
</code></pre>
<h4>WPSCAN EXAMPLES</h4>
<p>Do 'non-intrusive' checks...</p>
<p><code>ruby wpscan.rb --url www.example.com</code></p>
<p>Do wordlist password brute force on enumerated users using 50 threads...</p>
<p><code>ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50</code></p>
<p>Do wordlist password brute force on the 'admin' username only...</p>
<p><code>ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin</code></p>
<p>Enumerate instaled plugins...</p>
<p><code>ruby wpscan.rb --url www.example.com --enumerate p</code></p>
<p>Run all enumeration tools...</p>
<p><code>ruby wpscan.rb --url www.example.com --enumerate</code></p>
<h4>WPSTOOLS ARGUMENTS</h4>
<pre><code>--help | -h This help screen.
--Verbose | -v Verbose output.
--update | -u Update to the latest revision.
--generate_plugin_list [number of pages] Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
--gpl Alias for --generate_plugin_list
</code></pre>
<h4>WPSTOOLS EXAMPLES</h4>
<p>Generate a new 'most popular' plugin list, up to 150 pages...</p>
<p><code>ruby wpstools.rb --generate_plugin_list 150</code></p>
<h4>PROJECT HOME</h4>
<p><a href="http://www.wpscan.org">www.wpscan.org</a></p>
<h4>GIT REPOSITORY</h4>
<p><a href="https://github.com/wpscanteam/wpscan">https://github.com/wpscanteam/wpscan</a></p>
<h4>ISSUES</h4>
<p><a href="https://github.com/wpscanteam/wpscan/issues">https://github.com/wpscanteam/wpscan/issues</a></p>
<h4>SPONSOR</h4>
<p>WPScan is sponsored by the <a href="http://www.randomstorm.com">RandomStorm</a> Open Source Initiative.</p>
</section>
<footer>
<p>This project is maintained by <a href="https://github.com/wpscanteam">wpscanteam</a></p>
<p><small>Hosted on GitHub Pages &mdash; Theme by <a href="https://github.com/orderedlist">orderedlist</a></small></p>
</footer>
</div>
<script src="javascripts/scale.fix.js"></script>
</body>
</html>
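
Review bot: the `<head>` loads html5.js from `//html5shiv.googlecode.com/svn/trunk/`, an SVN trunk URL whose content can change at any time, and the logo at the top of `<section>` is fetched over plain `http://` from dvwa.co.uk. Both are third-party content the project does not control, on the home page of a security tool. I would commit a copy of the shim and the logo to this branch and reference them with relative paths, as is already done for stylesheets/ and javascripts/. The logo's `alt="alt text"` is also a placeholder and should describe the image.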

17
javascripts/scale.fix.js Normal file

@@ -0,0 +1,17 @@
var metas = document.getElementsByTagName('meta');
var i;
if (navigator.userAgent.match(/iPhone/i)) {
for (i=0; i<metas.length; i++) {
if (metas[i].name == "viewport") {
metas[i].content = "width=device-width, minimum-scale=1.0, maximum-scale=1.0";
}
}
document.addEventListener("gesturestart", gestureStart, false);
}
function gestureStart() {
for (i=0; i<metas.length; i++) {
if (metas[i].name == "viewport") {
metas[i].content = "width=device-width, minimum-scale=0.25, maximum-scale=1.6";
}
}
}
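
Review bot: `metas` and `i` are declared at the top level, so both become globals, and `gestureStart()` reuses the same global `i` as the loop in the iPhone branch. Wrapping the file in a function and declaring the counter locally in each loop would keep them out of the page's global namespace. The `gesturestart` listener is also never removed, so the viewport meta is rewritten on every gesture even though the value it sets is the same each time; removing the listener inside `gestureStart` would avoid that. A short comment at the top saying what behaviour the script works around would help the next reader.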

1
params.json Normal file

@@ -0,0 +1 @@
{"body":"![alt text](http://dvwa.co.uk/images/wpscan_logo_407x80.png \"WPScan - WordPress Security Scanner\")\r\n\r\n#### LICENSE\r\n\r\nWPScan - WordPress Security Scanner\r\nCopyright (C), 2011-2012 Ryan Dewhurst AKA ethicalhack3r\r\n\r\nThis program is free software: you can redistribute it and/or modify\r\nit under the terms of the GNU General Public License as published by\r\nthe Free Software Foundation, either version 3 of the License, or\r\n(at your option) any later version.\r\n\r\nThis program is distributed in the hope that it will be useful,\r\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\r\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\r\nGNU General Public License for more details.\r\n\r\nYou should have received a copy of the GNU General Public License\r\nalong with this program. If not, see <http://www.gnu.org/licenses/>.\r\n\r\nryandewhurst at gmail\r\n\r\n#### INSTALL\r\n\r\nWPScan comes pre-installed on the following Linux distributions:\r\n\r\n- [BackTrack Linux](http://www.backtrack-linux.org/) since version 5 R1 in the /pentest/web/wpscan/ directory. \r\n- [SamuraiWTF](http://samurai.inguardians.com/)\r\n- [BackBox Linux](http://www.backbox.org/)\r\n\r\nWPScan only supports Ruby => 1.9.\r\n\r\n*Installing on Debian/Ubuntu:*\r\n\r\n```sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby```\r\n\r\n``` sudo gem install typhoeus nokogiri json```\r\n\r\n*Installing on other nix:* (not tested)\r\n\r\n```sudo gem install typhoeus nokogiri json```\r\n\r\n*Installing on Mac OSX:*\r\n\r\n```sudo gem install typhoeus nokogiri json```\r\n\r\n#### KNOWN ISSUES\r\n\r\n - Typhoeus segmentation fault\r\n Update curl to at least v7.21 (you may have to install it from sources)\r\n See http://code.google.com/p/wpscan/issues/detail?id=81\r\n\r\n - If you have one the following errors : \"-bash: !t: event not found\", \"-bash: !u: event not found\"\r\n It happens whith enumeration : just put the 't' or 'u' before the 'p!' 
: '-e tp!' instead of '-e p!t'\r\n\r\n#### WPSCAN ARGUMENTS\r\n\r\n --url | -u <target url> The WordPress URL/domain to scan.\r\n\r\n --force | -f Forces WPScan to not check if the remote site is running WordPress.\r\n\r\n --enumerate | -e [option(s)] Enumeration.\r\n option :\r\n u usernames from id 1 to 10\r\n u[10-20] usernames from id 10 to 20 (you must write [] chars)\r\n p plugins\r\n p! only vulnerable plugins\r\n t timthumbs\r\n Multiple values are allowed : '-e tp' will enumerate timthumbs and plugins\r\n If no option is supplied, the default is 'upt'\r\n\r\n --follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not\r\n\r\n --proxy Supply a proxy in the format host:port (will override the one from conf/browser.conf.json)\r\n\r\n --wordlist | -w <wordlist> Supply a wordlist for the password bruter and do the brute.\r\n\r\n --threads | -t <number of threads> The number of threads to use when multi-threading requests. 
(will override the value from conf/browser.conf.json)\r\n\r\n --username | -U <username> Only brute force the supplied username.\r\n\r\n --help | -h This help screen.\r\n\r\n --verbose | -v Verbose output.\r\n\r\n#### WPSCAN EXAMPLES\r\n\r\nDo 'non-intrusive' checks...\r\n\r\n```ruby wpscan.rb --url www.example.com```\r\n\r\nDo wordlist password brute force on enumerated users using 50 threads...\r\n\r\n```ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50```\r\n\r\nDo wordlist password brute force on the 'admin' username only...\r\n\r\n```ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin```\r\n\r\nEnumerate instaled plugins...\r\n\r\n```ruby wpscan.rb --url www.example.com --enumerate p```\r\n\r\nRun all enumeration tools...\r\n\r\n```ruby wpscan.rb --url www.example.com --enumerate```\r\n\r\n#### WPSTOOLS ARGUMENTS\r\n\r\n --help | -h This help screen.\r\n --Verbose | -v Verbose output.\r\n --update | -u Update to the latest revision.\r\n --generate_plugin_list [number of pages] Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)\r\n --gpl Alias for --generate_plugin_list\r\n\r\n#### WPSTOOLS EXAMPLES\r\n\r\nGenerate a new 'most popular' plugin list, up to 150 pages...\r\n\r\n```ruby wpstools.rb --generate_plugin_list 150```\r\n\r\n#### PROJECT HOME\r\n\r\nwww.wpscan.org\r\n\r\n#### GIT REPOSITORY\r\n\r\nhttps://github.com/wpscanteam/wpscan\r\n\r\n#### ISSUES\r\n\r\nhttps://github.com/wpscanteam/wpscan/issues\r\n\r\n#### SPONSOR\r\n\r\nWPScan is sponsored by the [RandomStorm](http://www.randomstorm.com) Open Source Initiative.\r\n","google":"","note":"Don't delete this file! It's used internally to help with page regeneration.","name":"Wpscan","tagline":"WPScan is a black box WordPress vulnerability scanner."}
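
Review bot: the `note` field says this file is used for page regeneration, so the wording errors in `body` should be fixed here rather than in index.html, or they will return on the next regeneration: "instaled" under WPSCAN EXAMPLES, "whith" and "have one the following" under KNOWN ISSUES, and "Ruby => 1.9", which presumably means ">= 1.9". The second Debian/Ubuntu command has a stray space before `sudo` inside its code span, and WPSTOOLS ARGUMENTS lists `--Verbose` with a capital V where WPSCAN ARGUMENTS has `--verbose`; please check which spelling wpstools.rb accepts and make the two consistent.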

View File

@@ -0,0 +1,69 @@
.highlight { background: #ffffff; }
.highlight .c { color: #999988; font-style: italic } /* Comment */
.highlight .err { color: #a61717; background-color: #e3d2d2 } /* Error */
.highlight .k { font-weight: bold } /* Keyword */
.highlight .o { font-weight: bold } /* Operator */
.highlight .cm { color: #999988; font-style: italic } /* Comment.Multiline */
.highlight .cp { color: #999999; font-weight: bold } /* Comment.Preproc */
.highlight .c1 { color: #999988; font-style: italic } /* Comment.Single */
.highlight .cs { color: #999999; font-weight: bold; font-style: italic } /* Comment.Special */
.highlight .gd { color: #000000; background-color: #ffdddd } /* Generic.Deleted */
.highlight .gd .x { color: #000000; background-color: #ffaaaa } /* Generic.Deleted.Specific */
.highlight .ge { font-style: italic } /* Generic.Emph */
.highlight .gr { color: #aa0000 } /* Generic.Error */
.highlight .gh { color: #999999 } /* Generic.Heading */
.highlight .gi { color: #000000; background-color: #ddffdd } /* Generic.Inserted */
.highlight .gi .x { color: #000000; background-color: #aaffaa } /* Generic.Inserted.Specific */
.highlight .go { color: #888888 } /* Generic.Output */
.highlight .gp { color: #555555 } /* Generic.Prompt */
.highlight .gs { font-weight: bold } /* Generic.Strong */
.highlight .gu { color: #800080; font-weight: bold; } /* Generic.Subheading */
.highlight .gt { color: #aa0000 } /* Generic.Traceback */
.highlight .kc { font-weight: bold } /* Keyword.Constant */
.highlight .kd { font-weight: bold } /* Keyword.Declaration */
.highlight .kn { font-weight: bold } /* Keyword.Namespace */
.highlight .kp { font-weight: bold } /* Keyword.Pseudo */
.highlight .kr { font-weight: bold } /* Keyword.Reserved */
.highlight .kt { color: #445588; font-weight: bold } /* Keyword.Type */
.highlight .m { color: #009999 } /* Literal.Number */
.highlight .s { color: #d14 } /* Literal.String */
.highlight .na { color: #008080 } /* Name.Attribute */
.highlight .nb { color: #0086B3 } /* Name.Builtin */
.highlight .nc { color: #445588; font-weight: bold } /* Name.Class */
.highlight .no { color: #008080 } /* Name.Constant */
.highlight .ni { color: #800080 } /* Name.Entity */
.highlight .ne { color: #990000; font-weight: bold } /* Name.Exception */
.highlight .nf { color: #990000; font-weight: bold } /* Name.Function */
.highlight .nn { color: #555555 } /* Name.Namespace */
.highlight .nt { color: #000080 } /* Name.Tag */
.highlight .nv { color: #008080 } /* Name.Variable */
.highlight .ow { font-weight: bold } /* Operator.Word */
.highlight .w { color: #bbbbbb } /* Text.Whitespace */
.highlight .mf { color: #009999 } /* Literal.Number.Float */
.highlight .mh { color: #009999 } /* Literal.Number.Hex */
.highlight .mi { color: #009999 } /* Literal.Number.Integer */
.highlight .mo { color: #009999 } /* Literal.Number.Oct */
.highlight .sb { color: #d14 } /* Literal.String.Backtick */
.highlight .sc { color: #d14 } /* Literal.String.Char */
.highlight .sd { color: #d14 } /* Literal.String.Doc */
.highlight .s2 { color: #d14 } /* Literal.String.Double */
.highlight .se { color: #d14 } /* Literal.String.Escape */
.highlight .sh { color: #d14 } /* Literal.String.Heredoc */
.highlight .si { color: #d14 } /* Literal.String.Interpol */
.highlight .sx { color: #d14 } /* Literal.String.Other */
.highlight .sr { color: #009926 } /* Literal.String.Regex */
.highlight .s1 { color: #d14 } /* Literal.String.Single */
.highlight .ss { color: #990073 } /* Literal.String.Symbol */
.highlight .bp { color: #999999 } /* Name.Builtin.Pseudo */
.highlight .vc { color: #008080 } /* Name.Variable.Class */
.highlight .vg { color: #008080 } /* Name.Variable.Global */
.highlight .vi { color: #008080 } /* Name.Variable.Instance */
.highlight .il { color: #009999 } /* Literal.Number.Integer.Long */
.type-csharp .highlight .k { color: #0000FF }
.type-csharp .highlight .kt { color: #0000FF }
.type-csharp .highlight .nf { color: #000000; font-weight: normal }
.type-csharp .highlight .nc { color: #2B91AF }
.type-csharp .highlight .nn { color: #000000 }
.type-csharp .highlight .s { color: #A31515 }
.type-csharp .highlight .sc { color: #A31515 }
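
Review bot: every rule in this sheet is scoped to `.highlight`, but the index.html added in this commit contains no element with that class (its samples are plain `<pre><code>` and `<code>`), so the file is fetched on each page view without styling anything. Either drop the `<link>` to it from index.html until highlighted blocks exist, or add a comment saying it is kept deliberately for the theme.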

255
stylesheets/styles.css Normal file

@@ -0,0 +1,255 @@
@import url(https://fonts.googleapis.com/css?family=Lato:300italic,700italic,300,700);
body {
padding:50px;
font:14px/1.5 Lato, "Helvetica Neue", Helvetica, Arial, sans-serif;
color:#777;
font-weight:300;
}
h1, h2, h3, h4, h5, h6 {
color:#222;
margin:0 0 20px;
}
p, ul, ol, table, pre, dl {
margin:0 0 20px;
}
h1, h2, h3 {
line-height:1.1;
}
h1 {
font-size:28px;
}
h2 {
color:#393939;
}
h3, h4, h5, h6 {
color:#494949;
}
a {
color:#39c;
font-weight:400;
text-decoration:none;
}
a small {
font-size:11px;
color:#777;
margin-top:-0.6em;
display:block;
}
.wrapper {
width:860px;
margin:0 auto;
}
blockquote {
border-left:1px solid #e5e5e5;
margin:0;
padding:0 0 0 20px;
font-style:italic;
}
code, pre {
font-family:Monaco, Bitstream Vera Sans Mono, Lucida Console, Terminal;
color:#333;
font-size:12px;
}
pre {
padding:8px 15px;
background: #f8f8f8;
border-radius:5px;
border:1px solid #e5e5e5;
overflow-x: auto;
}
table {
width:100%;
border-collapse:collapse;
}
th, td {
text-align:left;
padding:5px 10px;
border-bottom:1px solid #e5e5e5;
}
dt {
color:#444;
font-weight:700;
}
th {
color:#444;
}
img {
max-width:100%;
}
header {
width:270px;
float:left;
position:fixed;
}
header ul {
list-style:none;
height:40px;
padding:0;
background: #eee;
background: -moz-linear-gradient(top, #f8f8f8 0%, #dddddd 100%);
background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#f8f8f8), color-stop(100%,#dddddd));
background: -webkit-linear-gradient(top, #f8f8f8 0%,#dddddd 100%);
background: -o-linear-gradient(top, #f8f8f8 0%,#dddddd 100%);
background: -ms-linear-gradient(top, #f8f8f8 0%,#dddddd 100%);
background: linear-gradient(top, #f8f8f8 0%,#dddddd 100%);
border-radius:5px;
border:1px solid #d2d2d2;
box-shadow:inset #fff 0 1px 0, inset rgba(0,0,0,0.03) 0 -1px 0;
width:270px;
}
header li {
width:89px;
float:left;
border-right:1px solid #d2d2d2;
height:40px;
}
header ul a {
line-height:1;
font-size:11px;
color:#999;
display:block;
text-align:center;
padding-top:6px;
height:40px;
}
strong {
color:#222;
font-weight:700;
}
header ul li + li {
width:88px;
border-left:1px solid #fff;
}
header ul li + li + li {
border-right:none;
width:89px;
}
header ul a strong {
font-size:14px;
display:block;
color:#222;
}
section {
width:500px;
float:right;
padding-bottom:50px;
}
small {
font-size:11px;
}
hr {
border:0;
background:#e5e5e5;
height:1px;
margin:0 0 20px;
}
footer {
width:270px;
float:left;
position:fixed;
bottom:50px;
}
@media print, screen and (max-width: 960px) {
div.wrapper {
width:auto;
margin:0;
}
header, section, footer {
float:none;
position:static;
width:auto;
}
header {
padding-right:320px;
}
section {
border:1px solid #e5e5e5;
border-width:1px 0;
padding:20px 0;
margin:0 0 20px;
}
header a small {
display:inline;
}
header ul {
position:absolute;
right:50px;
top:52px;
}
}
@media print, screen and (max-width: 720px) {
body {
word-wrap:break-word;
}
header {
padding:0;
}
header ul, header p.view {
position:static;
}
pre, code {
word-wrap:normal;
}
}
@media print, screen and (max-width: 480px) {
body {
padding:15px;
}
header ul {
display:none;
}
}
@media print {
body {
padding:0.4in;
font-size:12pt;
color:#444;
}
}
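
Review bot: the `code, pre` font stack ends at `Terminal` with no generic `monospace` fallback, so on a system that has none of those four fonts the command-line examples and the argument listings fall back to the browser's default font, which is usually proportional, and their column alignment is lost. Add `monospace` at the end of the list and quote the multi-word family names. Separately, the `@import` on the first line sends every visitor's browser to fonts.googleapis.com; a self-hosted copy of Lato, or at least a `<link>` in index.html instead of an import inside the stylesheet, would be preferable.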