diff --git a/README.md b/README.md index a00a007d..37e50789 100644 --- a/README.md +++ b/README.md @@ -209,13 +209,10 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install #### WPSCAN ARGUMENTS - --update Update the databases. - - --url | -u The WordPress URL/domain to scan. - - --force | -f Forces WPScan to not check if the remote site is running WordPress. - - --enumerate | -e [option(s)] Enumeration. + --update Update to the database to the latest version. + --url | -u The WordPress URL/domain to scan. + --force | -f Forces WPScan to not check if the remote site is running WordPress. + --enumerate | -e [option(s)] Enumeration. option : u usernames from id 1 to 10 u[10-20] usernames from id 10 to 20 (you must write [] chars) 
@@ -229,53 +226,36 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install Multiple values are allowed : "-e tt,p" will enumerate timthumbs and plugins If no option is supplied, the default is "vt,tt,u,vp" - --exclude-content-based "" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied - You do not need to provide the regexp delimiters, but you must write the quotes (simple or double) - - --config-file | -c Use the specified config file, see the example.conf.json - - --user-agent | -a Use the specified User-Agent - - --random-agent | -r Use a random User-Agent - - --follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not - - --wp-content-dir WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed - - --wp-plugins-dir Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed - - --proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json). - HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used - - --proxy-auth Supply the proxy login credentials. - - --basic-auth Set the HTTP Basic authentication. - - --wordlist | -w Supply a wordlist for the password brute forcer. - - --threads | -t The number of threads to use when multi-threading requests. - - --username | -U Only brute force the supplied username. - - --usernames Only brute force the usernames from the file. - - --cache-ttl Typhoeus cache TTL. - - --request-timeout Request Timeout. - - --connect-timeout Connect Timeout. - - --max-threads Maximum Threads. - - --help | -h This help screen. - - --verbose | -v Verbose output. - - --batch Never ask for user input, use the default behavior. 
- - --no-color Do not use colors in the output. - - --log Save STDOUT to log.txt + --exclude-content-based "" + Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied. + You do not need to provide the regexp delimiters, but you must write the quotes (simple or double). + --config-file | -c Use the specified config file, see the example.conf.json. + --user-agent | -a Use the specified User-Agent. + --cookie String to read cookies from. + --random-agent | -r Use a random User-Agent. + --follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not + --batch Never ask for user input, use the default behaviour. + --no-color Do not use colors in the output. + --wp-content-dir WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. + Subdirectories are allowed. + --wp-plugins-dir Same thing than --wp-content-dir but for the plugins directory. + If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed + --proxy <[protocol://]host:port> Supply a proxy. HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. + If no protocol is given (format host:port), HTTP will be used. + --proxy-auth Supply the proxy login credentials. + --basic-auth Set the HTTP Basic authentication. + --wordlist | -w Supply a wordlist for the password brute forcer. + --username | -U Only brute force the supplied username. + --usernames Only brute force the usernames from the file. + --threads | -t The number of threads to use when multi-threading requests. + --cache-ttl Typhoeus cache TTL. + --request-timeout Request Timeout. + --connect-timeout Connect Timeout. + --max-threads Maximum Threads. + --throttle Milliseconds to wait before doing another web request. If used, the --threads should be set to 1. + --help | -h This help screen. + --verbose | -v Verbose output. + --version Output the current version and exit. 
#### WPSCAN EXAMPLES
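Review bot: the new `--update` description in the first hunk (@@ -209,13 +209,10) reads "Update to the database to the latest version.", which has a stray "to". Suggest "Update the database to the latest version." The removed line said "databases" (plural); if more than one data file is refreshed, keep the plural so the help text does not understate what the option touches.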
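Review bot: the second hunk (@@ -229,53 +226,36) drops `--log Save STDOUT to log.txt` and none of the added lines documents `--log`, while every other removed option reappears in the new list alongside the additions `--cookie`, `--throttle` and `--version`. If the option still exists, restore its line; if it was removed, say so in the commit message so the README change is not read as an accidental omission. The `--proxy` entry also loses the remark that it overrides the value from conf/browser.conf.json, which is worth keeping if that precedence still holds. Since the block is being reflowed anyway, the carried-over wording "WPScan try to find ... however you can specified it" and "Same thing than --wp-content-dir" could be corrected in the same change, and the `--follow-redirection` and `--wp-plugins-dir` lines end without the full stop the other new lines now have.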