From c7c3a9ec08048bb471dbc53ac928955c93795041 Mon Sep 17 00:00:00 2001
From: Gianluca Brindisi
Date: Wed, 11 Jul 2012 14:56:52 -0700
Subject: [PATCH] Create gh-pages branch via GitHub
---
index.html | 178 ++++++++++++++++++++++++
javascripts/scale.fix.js | 17 +++
params.json | 1 +
stylesheets/pygment_trac.css | 69 ++++++++++
stylesheets/styles.css | 255 +++++++++++++++++++++++++++++++++++
5 files changed, 520 insertions(+)
create mode 100644 index.html
create mode 100644 javascripts/scale.fix.js
create mode 100644 params.json
create mode 100644 stylesheets/pygment_trac.css
create mode 100644 stylesheets/styles.css
diff --git a/index.html b/index.html
new file mode 100644
index 00000000..6d6fa872
--- /dev/null
+++ b/index.html
@@ -0,0 +1,178 @@
+ + + + + + Wpscan by wpscanteam + + + + + + + +
+
+

Wpscan

+

WPScan is a black box WordPress vulnerability scanner.

+ +

View the Project on GitHub wpscanteam/wpscan

+ + + +
+
+

alt text

+ +

LICENSE

+ +

WPScan - WordPress Security Scanner +Copyright (C), 2011-2012 Ryan Dewhurst AKA ethicalhack3r

+ +

This program is free software: you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version.

+ +

This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details.

+ +

You should have received a copy of the GNU General Public License +along with this program. If not, see http://www.gnu.org/licenses/.

+ +

ryandewhurst at gmail

+ +

INSTALL

+ +

WPScan comes pre-installed on the following Linux distributions:

+ +

WPScan only supports Ruby => 1.9.

+ +

Installing on Debian/Ubuntu:

+ +

sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby

+ +

sudo gem install typhoeus nokogiri json

+ +

Installing on other nix: (not tested)

+ +

sudo gem install typhoeus nokogiri json

+ +

Installing on Mac OSX:

+ +

sudo gem install typhoeus nokogiri json

+ +

KNOWN ISSUES

+ +
    +
  • Typhoeus segmentation fault + Update curl to at least v7.21 (you may have to install it from sources) + See http://code.google.com/p/wpscan/issues/detail?id=81

  • +
  • If you have one the following errors : "-bash: !t: event not found", "-bash: !u: event not found" + It happens whith enumeration : just put the 't' or 'u' before the 'p!' : '-e tp!' instead of '-e p!t'

  • +

WPSCAN ARGUMENTS

+ +
--url   | -u <target url>  The WordPress URL/domain to scan.
+
+--force | -f Forces WPScan to not check if the remote site is running WordPress.
+
+--enumerate | -e [option(s)]  Enumeration.
+ option :
+   u        usernames from id 1 to 10
+   u[10-20] usernames from id 10 to 20 (you must write [] chars)
+   p        plugins
+   p!       only vulnerable plugins
+   t        timthumbs
+ Multiple values are allowed : '-e tp' will enumerate timthumbs and plugins
+ If no option is supplied, the default is 'upt'
+
+--follow-redirection  If the target url has a redirection, it will be followed without asking if you wanted to do so or not
+
+--proxy  Supply a proxy in the format host:port (will override the one from conf/browser.conf.json)
+
+--wordlist | -w <wordlist>  Supply a wordlist for the password bruter and do the brute.
+
+--threads  | -t <number of threads>  The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)
+
+--username | -U <username>  Only brute force the supplied username.
+
+--help     | -h This help screen.
+
+--verbose  | -v Verbose output.
+
+ +

WPSCAN EXAMPLES

+ +

Do 'non-intrusive' checks...

+ +

ruby wpscan.rb --url www.example.com

+ +

Do wordlist password brute force on enumerated users using 50 threads...

+ +

ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50

+ +

Do wordlist password brute force on the 'admin' username only...

+ +

ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin

+ +

Enumerate instaled plugins...

+ +

ruby wpscan.rb --url www.example.com --enumerate p

+ +

Run all enumeration tools...

+ +

ruby wpscan.rb --url www.example.com --enumerate

+ +

WPSTOOLS ARGUMENTS

+ +
--help    | -h   This help screen.
+--Verbose | -v   Verbose output.
+--update  | -u   Update to the latest revision.
+--generate_plugin_list [number of pages]  Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
+--gpl  Alias for --generate_plugin_list
+
+ +

WPSTOOLS EXAMPLES

+ +

Generate a new 'most popular' plugin list, up to 150 pages...

+ +

ruby wpstools.rb --generate_plugin_list 150

+ +

PROJECT HOME

+ +

www.wpscan.org

+ +

GIT REPOSITORY

+ +

https://github.com/wpscanteam/wpscan

+ +

ISSUES

+ +

https://github.com/wpscanteam/wpscan/issues

+ +

SPONSOR

+ +

WPScan is sponsored by the RandomStorm Open Source Initiative.

+
+ +
+ + + +
\ No newline at end of file
diff --git a/javascripts/scale.fix.js b/javascripts/scale.fix.js
new file mode 100644
index 00000000..87a40ca7
--- /dev/null
+++ b/javascripts/scale.fix.js
@@ -0,0 +1,17 @@ +var metas = document.getElementsByTagName('meta'); +var i; +if (navigator.userAgent.match(/iPhone/i)) { + for (i=0; i.\r\n\r\nryandewhurst at gmail\r\n\r\n#### INSTALL\r\n\r\nWPScan comes pre-installed on the following Linux distributions:\r\n\r\n- [BackTrack Linux](http://www.backtrack-linux.org/) since version 5 R1 in the /pentest/web/wpscan/ directory. \r\n- [SamuraiWTF](http://samurai.inguardians.com/)\r\n- [BackBox Linux](http://www.backbox.org/)\r\n\r\nWPScan only supports Ruby => 1.9.\r\n\r\n*Installing on Debian/Ubuntu:*\r\n\r\n```sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby```\r\n\r\n``` sudo gem install typhoeus nokogiri json```\r\n\r\n*Installing on other nix:* (not tested)\r\n\r\n```sudo gem install typhoeus nokogiri json```\r\n\r\n*Installing on Mac OSX:*\r\n\r\n```sudo gem install typhoeus nokogiri json```\r\n\r\n#### KNOWN ISSUES\r\n\r\n - Typhoeus segmentation fault\r\n Update curl to at least v7.21 (you may have to install it from sources)\r\n See http://code.google.com/p/wpscan/issues/detail?id=81\r\n\r\n - If you have one the following errors : \"-bash: !t: event not found\", \"-bash: !u: event not found\"\r\n It happens whith enumeration : just put the 't' or 'u' before the 'p!' : '-e tp!' instead of '-e p!t'\r\n\r\n#### WPSCAN ARGUMENTS\r\n\r\n --url | -u The WordPress URL/domain to scan.\r\n\r\n --force | -f Forces WPScan to not check if the remote site is running WordPress.\r\n\r\n --enumerate | -e [option(s)] Enumeration.\r\n option :\r\n u usernames from id 1 to 10\r\n u[10-20] usernames from id 10 to 20 (you must write [] chars)\r\n p plugins\r\n p! 
only vulnerable plugins\r\n t timthumbs\r\n Multiple values are allowed : '-e tp' will enumerate timthumbs and plugins\r\n If no option is supplied, the default is 'upt'\r\n\r\n --follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not\r\n\r\n --proxy Supply a proxy in the format host:port (will override the one from conf/browser.conf.json)\r\n\r\n --wordlist | -w Supply a wordlist for the password bruter and do the brute.\r\n\r\n --threads | -t The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)\r\n\r\n --username | -U Only brute force the supplied username.\r\n\r\n --help | -h This help screen.\r\n\r\n --verbose | -v Verbose output.\r\n\r\n#### WPSCAN EXAMPLES\r\n\r\nDo 'non-intrusive' checks...\r\n\r\n```ruby wpscan.rb --url www.example.com```\r\n\r\nDo wordlist password brute force on enumerated users using 50 threads...\r\n\r\n```ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50```\r\n\r\nDo wordlist password brute force on the 'admin' username only...\r\n\r\n```ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin```\r\n\r\nEnumerate instaled plugins...\r\n\r\n```ruby wpscan.rb --url www.example.com --enumerate p```\r\n\r\nRun all enumeration tools...\r\n\r\n```ruby wpscan.rb --url www.example.com --enumerate```\r\n\r\n#### WPSTOOLS ARGUMENTS\r\n\r\n --help | -h This help screen.\r\n --Verbose | -v Verbose output.\r\n --update | -u Update to the latest revision.\r\n --generate_plugin_list [number of pages] Generate a new data/plugins.txt file. 
(supply number of *pages* to parse, default : 150)\r\n --gpl Alias for --generate_plugin_list\r\n\r\n#### WPSTOOLS EXAMPLES\r\n\r\nGenerate a new 'most popular' plugin list, up to 150 pages...\r\n\r\n```ruby wpstools.rb --generate_plugin_list 150```\r\n\r\n#### PROJECT HOME\r\n\r\nwww.wpscan.org\r\n\r\n#### GIT REPOSITORY\r\n\r\nhttps://github.com/wpscanteam/wpscan\r\n\r\n#### ISSUES\r\n\r\nhttps://github.com/wpscanteam/wpscan/issues\r\n\r\n#### SPONSOR\r\n\r\nWPScan is sponsored by the [RandomStorm](http://www.randomstorm.com) Open Source Initiative.\r\n","google":"","note":"Don't delete this file! It's used internally to help with page regeneration.","name":"Wpscan","tagline":"WPScan is a black box WordPress vulnerability scanner."} \ No newline at end of file diff --git a/stylesheets/pygment_trac.css b/stylesheets/pygment_trac.css new file mode 100644 index 00000000..c6a6452d --- /dev/null +++ b/stylesheets/pygment_trac.css 
@@ -0,0 +1,69 @@
+.highlight { background: #ffffff; }
+.highlight .c { color: #999988; font-style: italic } /* Comment */
+.highlight .err { color: #a61717; background-color: #e3d2d2 } /* Error */
+.highlight .k { font-weight: bold } /* Keyword */
+.highlight .o { font-weight: bold } /* Operator */
+.highlight .cm { color: #999988; font-style: italic } /* Comment.Multiline */
+.highlight .cp { color: #999999; font-weight: bold } /* Comment.Preproc */
+.highlight .c1 { color: #999988; font-style: italic } /* Comment.Single */
+.highlight .cs { color: #999999; font-weight: bold; font-style: italic } /* Comment.Special */
+.highlight .gd { color: #000000; background-color: #ffdddd } /* Generic.Deleted */
+.highlight .gd .x { color: #000000; background-color: #ffaaaa } /* Generic.Deleted.Specific */
+.highlight .ge { font-style: italic } /* Generic.Emph */
+.highlight .gr { color: #aa0000 } /* Generic.Error */
+.highlight .gh { color: #999999 } /* Generic.Heading */
+.highlight .gi { color: #000000; background-color: #ddffdd } /* Generic.Inserted */
+.highlight .gi .x { color: #000000; background-color: #aaffaa } /* Generic.Inserted.Specific */
+.highlight .go { color: #888888 } /* Generic.Output */
+.highlight .gp { color: #555555 } /* Generic.Prompt */
+.highlight .gs { font-weight: bold } /* Generic.Strong */
+.highlight .gu { color: #800080; font-weight: bold; } /* Generic.Subheading */
+.highlight .gt { color: #aa0000 } /* Generic.Traceback */
+.highlight .kc { font-weight: bold } /* Keyword.Constant */
+.highlight .kd { font-weight: bold } /* Keyword.Declaration */
+.highlight .kn { font-weight: bold } /* Keyword.Namespace */
+.highlight .kp { font-weight: bold } /* Keyword.Pseudo */
+.highlight .kr { font-weight: bold } /* Keyword.Reserved */
+.highlight .kt { color: #445588; font-weight: bold } /* Keyword.Type */
+.highlight .m { color: #009999 } /* Literal.Number */
+.highlight .s { color: #d14 } /* Literal.String */
+.highlight .na { color: #008080 } /* Name.Attribute */
+.highlight .nb { color: #0086B3 } /* Name.Builtin */
+.highlight .nc { color: #445588; font-weight: bold } /* Name.Class */
+.highlight .no { color: #008080 } /* Name.Constant */
+.highlight .ni { color: #800080 } /* Name.Entity */
+.highlight .ne { color: #990000; font-weight: bold } /* Name.Exception */
+.highlight .nf { color: #990000; font-weight: bold } /* Name.Function */
+.highlight .nn { color: #555555 } /* Name.Namespace */
+.highlight .nt { color: #000080 } /* Name.Tag */
+.highlight .nv { color: #008080 } /* Name.Variable */
+.highlight .ow { font-weight: bold } /* Operator.Word */
+.highlight .w { color: #bbbbbb } /* Text.Whitespace */
+.highlight .mf { color: #009999 } /* Literal.Number.Float */
+.highlight .mh { color: #009999 } /* Literal.Number.Hex */
+.highlight .mi { color: #009999 } /* Literal.Number.Integer */
+.highlight .mo { color: #009999 } /* Literal.Number.Oct */
+.highlight .sb { color: #d14 } /* Literal.String.Backtick */
+.highlight .sc { color: #d14 } /* Literal.String.Char */
+.highlight .sd { color: #d14 } /* Literal.String.Doc */
+.highlight .s2 { color: #d14 } /* Literal.String.Double */
+.highlight .se { color: #d14 } /* Literal.String.Escape */
+.highlight .sh { color: #d14 } /* Literal.String.Heredoc */
+.highlight .si { color: #d14 } /* Literal.String.Interpol */
+.highlight .sx { color: #d14 } /* Literal.String.Other */
+.highlight .sr { color: #009926 } /* Literal.String.Regex */
+.highlight .s1 { color: #d14 } /* Literal.String.Single */
+.highlight .ss { color: #990073 } /* Literal.String.Symbol */
+.highlight .bp { color: #999999 } /* Name.Builtin.Pseudo */
+.highlight .vc { color: #008080 } /* Name.Variable.Class */
+.highlight .vg { color: #008080 } /* Name.Variable.Global */
+.highlight .vi { color: #008080 } /* Name.Variable.Instance */
+.highlight .il { color: #009999 } /* Literal.Number.Integer.Long */
+
+.type-csharp .highlight .k { color: #0000FF }
+.type-csharp .highlight .kt { color: #0000FF }
+.type-csharp .highlight .nf { color: #000000; font-weight: normal }
+.type-csharp .highlight .nc { color: #2B91AF }
+.type-csharp .highlight .nn { color: #000000 }
+.type-csharp .highlight .s { color: #A31515 }
+.type-csharp .highlight .sc { color: #A31515 }
diff --git a/stylesheets/styles.css b/stylesheets/styles.css
new file mode 100644
index 00000000..dacf2e18
--- /dev/null
+++ b/stylesheets/styles.css
@@ -0,0 +1,255 @@ +@import url(https://fonts.googleapis.com/css?family=Lato:300italic,700italic,300,700); + +body { + padding:50px; + font:14px/1.5 Lato, "Helvetica Neue", Helvetica, Arial, sans-serif; + color:#777; + font-weight:300; +} + +h1, h2, h3, h4, h5, h6 { + color:#222; + margin:0 0 20px; +} + +p, ul, ol, table, pre, dl { + margin:0 0 20px; +} + +h1, h2, h3 { + line-height:1.1; +} + +h1 { + font-size:28px; +} + +h2 { + color:#393939; +} + +h3, h4, h5, h6 { + color:#494949; +} + +a { + color:#39c; + font-weight:400; + text-decoration:none; +} + +a small { + font-size:11px; + color:#777; + margin-top:-0.6em; + display:block; +} + +.wrapper { + width:860px; + margin:0 auto; +} + +blockquote { + border-left:1px solid #e5e5e5; + margin:0; + padding:0 0 0 20px; + font-style:italic; +} + +code, pre { + font-family:Monaco, Bitstream Vera Sans Mono, Lucida Console, Terminal; + color:#333; + font-size:12px; +} + +pre { + padding:8px 15px; + background: #f8f8f8; + border-radius:5px; + border:1px solid #e5e5e5; + overflow-x: auto; +} + +table { + width:100%; + border-collapse:collapse; +} + +th, td { + text-align:left; + padding:5px 10px; + border-bottom:1px solid #e5e5e5; +} + +dt { + color:#444; + font-weight:700; +} + +th { + color:#444; +} + +img { + max-width:100%; +} + +header { + width:270px; + float:left; + position:fixed; +} + +header ul { + list-style:none; + height:40px; + + padding:0; + + background: #eee; + background: -moz-linear-gradient(top, #f8f8f8 0%, #dddddd 100%); + background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#f8f8f8), color-stop(100%,#dddddd)); + background: -webkit-linear-gradient(top, #f8f8f8 0%,#dddddd 100%); + background: -o-linear-gradient(top, #f8f8f8 0%,#dddddd 100%); + background: -ms-linear-gradient(top, #f8f8f8 0%,#dddddd 100%); + background: linear-gradient(top, #f8f8f8 0%,#dddddd 100%); + + border-radius:5px; + border:1px solid #d2d2d2; + box-shadow:inset #fff 0 1px 0, inset rgba(0,0,0,0.03) 0 -1px 0; + 
width:270px; +} + +header li { + width:89px; + float:left; + border-right:1px solid #d2d2d2; + height:40px; +} + +header ul a { + line-height:1; + font-size:11px; + color:#999; + display:block; + text-align:center; + padding-top:6px; + height:40px; +} + +strong { + color:#222; + font-weight:700; +} + +header ul li + li { + width:88px; + border-left:1px solid #fff; +} + +header ul li + li + li { + border-right:none; + width:89px; +} + +header ul a strong { + font-size:14px; + display:block; + color:#222; +} + +section { + width:500px; + float:right; + padding-bottom:50px; +} + +small { + font-size:11px; +} + +hr { + border:0; + background:#e5e5e5; + height:1px; + margin:0 0 20px; +} + +footer { + width:270px; + float:left; + position:fixed; + bottom:50px; +} + +@media print, screen and (max-width: 960px) { + + div.wrapper { + width:auto; + margin:0; + } + + header, section, footer { + float:none; + position:static; + width:auto; + } + + header { + padding-right:320px; + } + + section { + border:1px solid #e5e5e5; + border-width:1px 0; + padding:20px 0; + margin:0 0 20px; + } + + header a small { + display:inline; + } + + header ul { + position:absolute; + right:50px; + top:52px; + } +} + +@media print, screen and (max-width: 720px) { + body { + word-wrap:break-word; + } + + header { + padding:0; + } + + header ul, header p.view { + position:static; + } + + pre, code { + word-wrap:normal; + } +} + +@media print, screen and (max-width: 480px) { + body { + padding:15px; + } + + header ul { + display:none; + } +} + +@media print { + body { + padding:0.4in; + font-size:12pt; + color:#444; + } +}