__________________________________________________
 __          _______   _____
 \ \        / /  __ \ / ____|
  \ \  /\  / /| |__) | (___   ___  __ _ _ __
   \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
    \  /\  /  | |     ____) | (__| (_| | | | |
     \/  \/   |_|    |_____/ \___|\__,_|_| |_|
__________________________________________________

==LICENSE==

WPScan - WordPress Security Scanner
Copyright (C) 2011-2012  Ryan Dewhurst AKA ethicalhack3r

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.

ryandewhurst at gmail

==INSTALL==

  WPScan comes pre-installed on the following Linux distributions:

   * BackBox Linux
   * BackTrack Linux (outdated WPScan installed, update needed)
   * Pentoo
   * SamuraiWTF

  Prerequisites:

   * Windows not supported
   * Ruby => 1.9
   * RubyGems
   * Git

  -> Installing on Debian/Ubuntu:

    sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev
    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
    sudo gem install bundler && bundle install

  -> Installing on Fedora:

    sudo yum install libcurl-devel
    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
    sudo gem install bundler && bundle install

  -> Installing on Mac OS X:

    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
    sudo gem install bundler && bundle install

==KNOWN ISSUES==

  - Typhoeus segmentation fault:
      Update cURL to version => 7.21 (may have to install from source) 
      See http://code.google.com/p/wpscan/issues/detail?id=81

  - If you have one the following errors: "-bash: !t: event not found", "-bash: !u: event not found" 
      It happens with enumeration : just put the 't' or 'u' before the 'p!' : '-e tp!' instead of '-e p!t'

  - Proxy not working:
      Update cURL to version => 7.21.7 (may have to install from source) 
      See https://github.com/wpscanteam/wpscan/issues/7

==WPSCAN ARGUMENTS==

--update   Update to the latest revision

--url   | -u <target url>  The WordPress URL/domain to scan.

--force | -f Forces WPScan to not check if the remote site is running WordPress.

--enumerate | -e [option(s)]  Enumeration.
  option :
    u        usernames from id 1 to 10
    u[10-20] usernames from id 10 to 20 (you must write [] chars)
    p        plugins
    vp       only vulnerable plugins
    ap       all plugins (can take a long time)
    tt       timthumbs
    t        themes
    vp       only vulnerable themes
    at       all themes (can take a long time)
  Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
  If no option is supplied, the default is 'vt,tt,u,vp'

--config-file | -c <config file> Use the specified config file

--follow-redirection  If the target url has a redirection, it will be followed without asking if you wanted to do so or not

--wp-content-dir <wp content dir>  WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed

--wp-plugins-dir <wp plugins dir>  Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed

--proxy  Supply a proxy in the format host:port or protocol://host:port (will override the one from conf/browser.conf.json). HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used

--wordlist | -w <wordlist>  Supply a wordlist for the password bruter and do the brute.

--threads  | -t <number of threads>  The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)

--username | -U <username>  Only brute force the supplied username.

--help     | -h This help screen.

--verbose  | -v Verbose output.

==WPSCAN EXAMPLES==

Do 'non-intrusive' checks...

  ruby wpscan.rb --url www.example.com

Do wordlist password brute force on enumerated users using 50 threads...

  ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50

Do wordlist password brute force on the 'admin' username only...

  ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin

Enumerate instaled plugins...

  ruby wpscan.rb --url www.example.com --enumerate p

==WPSTOOLS ARGUMENTS==

--help    | -h   This help screen.
--Verbose | -v   Verbose output.
--update  | -u   Update to the latest revision.
--generate_plugin_list [number of pages]  Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
--gpl  Alias for --generate_plugin_list

==WPSTOOLS EXAMPLES==

- Generate a new 'most popular' plugin list, up to 150 pages ...
ruby wpstools.rb --generate_plugin_list 150

===PROJECT HOME===

www.wpscan.org

===REPOSITORY===

https://github.com/wpscanteam/wpscan

===ISSUES===

https://github.com/wpscanteam/wpscan/issues

===SPONSOR===

WPScan is sponsored by the RandomStorm Open Source Initiative.

Visit RandomStorm at http://www.randomstorm.com