161 lines
4.8 KiB
Plaintext
161 lines
4.8 KiB
Plaintext
__________________________________________________
|
|
__ _______ _____
|
|
\ \ / / __ \ / ____|
|
|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
|
|
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
|
|
\ /\ / | | ____) | (__| (_| | | | |
|
|
\/ \/ |_| |_____/ \___|\__,_|_| |_|
|
|
__________________________________________________
|
|
|
|
==LICENSE==
|
|
|
|
WPScan - WordPress Security Scanner
|
|
Copyright (C) 2011 Ryan Dewhurst AKA ethicalhack3r
|
|
|
|
This program is free software: you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
ryandewhurst at gmail
|
|
|
|
|
|
==INSTALL==
|
|
|
|
WPScan comes pre-installed on BackTrack5 R1 in the /pentest/web/wpscan directory. WPScan only supports Ruby => 1.9.
|
|
|
|
-> Installing on Backtrack5 Gnome/KDE 32bit :
|
|
|
|
sudo apt-get install libcurl4-gnutls-dev
|
|
sudo gem install --user-install mime-types typhoeus nokogiri json
|
|
|
|
|
|
-> Installing on Debian/Ubuntu :
|
|
|
|
sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby
|
|
sudo gem install typhoeus nokogiri json
|
|
|
|
|
|
-> Installing on other nix : (not tested)
|
|
|
|
sudo gem install typhoeus nokogiri json
|
|
|
|
|
|
-> Installing on Windows : (not tested)
|
|
|
|
gem install typhoeus ("Windows is not officially supported")
|
|
gem install nokogiri json
|
|
|
|
|
|
-> Installing on Mac OSX :
|
|
|
|
sudo gem install typhoeus nokogiri json
|
|
|
|
|
|
==KNOWN ISSUES==
|
|
|
|
- Typhoeus segmentation fault
|
|
Update curl to at least v7.21 (you may have to install it from sources)
|
|
See http://code.google.com/p/wpscan/issues/detail?id=81
|
|
|
|
- If you have one the following errors : "-bash: !t: event not found", "-bash: !u: event not found"
|
|
It happens with enumeration : just put the 't' or 'u' before the 'p!' : '-e tp!' instead of '-e p!t'
|
|
|
|
|
|
==WPSCAN ARGUMENTS==
|
|
|
|
--update Update to the latest revision
|
|
|
|
--url | -u <target url> The WordPress URL/domain to scan.
|
|
|
|
--force | -f Forces WPScan to not check if the remote site is running WordPress.
|
|
|
|
--enumerate | -e [option(s)] Enumeration.
|
|
option :
|
|
u usernames from id 1 to 10
|
|
u[10-20] usernames from id 10 to 20 (you must write [] chars)
|
|
p plugins
|
|
p! only vulnerable plugins
|
|
t timthumbs
|
|
Multiple values are allowed : '-e tp' will enumerate timthumbs and plugins
|
|
If no option is supplied, the default is 'tup!'
|
|
|
|
--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not
|
|
|
|
--wp-content-dir <wp content dir> WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed
|
|
|
|
--wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
|
|
|
|
--proxy Supply a proxy in the format host:port (will override the one from conf/browser.conf.json)
|
|
|
|
--wordlist | -w <wordlist> Supply a wordlist for the password bruter and do the brute.
|
|
|
|
--threads | -t <number of threads> The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)
|
|
|
|
--username | -U <username> Only brute force the supplied username.
|
|
|
|
--help | -h This help screen.
|
|
|
|
--verbose | -v Verbose output.
|
|
|
|
|
|
==WPSCAN EXAMPLES==
|
|
|
|
Do 'non-intrusive' checks...
|
|
|
|
ruby wpscan.rb --url www.example.com
|
|
|
|
Do wordlist password brute force on enumerated users using 50 threads...
|
|
|
|
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
|
|
|
|
Do wordlist password brute force on the 'admin' username only...
|
|
|
|
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
|
|
|
|
Enumerate instaled plugins...
|
|
|
|
ruby wpscan.rb --url www.example.com --enumerate p
|
|
|
|
|
|
==WPSTOOLS ARGUMENTS==
|
|
|
|
--help | -h This help screen.
|
|
--Verbose | -v Verbose output.
|
|
--update | -u Update to the latest revision.
|
|
--generate_plugin_list [number of pages] Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
|
|
--gpl Alias for --generate_plugin_list
|
|
|
|
|
|
==WPSTOOLS EXAMPLES==
|
|
|
|
- Generate a new 'most popular' plugin list, up to 150 pages ...
|
|
ruby wpstools.rb --generate_plugin_list 150
|
|
|
|
|
|
===PROJECT HOME===
|
|
|
|
www.wpscan.org
|
|
|
|
===REPOSITORY===
|
|
|
|
https://github.com/wpscanteam/wpscan
|
|
|
|
===ISSUES===
|
|
|
|
https://github.com/wpscanteam/wpscan/issues
|
|
|
|
===SPONSOR===
|
|
|
|
WPScan is sponsored by the RandomStorm Open Source Initiative.
|
|
|
|
Visit RandomStorm at http://www.randomstorm.com
|