332 lines
11 KiB
HTML
332 lines
11 KiB
HTML
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII" />
|
|
<title>
|
|
File: README
|
|
|
|
— Documentation by YARD 0.8.5.2
|
|
|
|
</title>
|
|
|
|
<link rel="stylesheet" href="css/style.css" type="text/css" media="screen" charset="utf-8" />
|
|
|
|
<link rel="stylesheet" href="css/common.css" type="text/css" media="screen" charset="utf-8" />
|
|
|
|
<script type="text/javascript" charset="utf-8">
|
|
hasFrames = window.top.frames.main ? true : false;
|
|
relpath = '';
|
|
framesUrl = "frames.html#!" + escape(window.location.href);
|
|
</script>
|
|
|
|
|
|
<script type="text/javascript" charset="utf-8" src="js/jquery.js"></script>
|
|
|
|
<script type="text/javascript" charset="utf-8" src="js/app.js"></script>
|
|
|
|
|
|
</head>
|
|
<body>
|
|
<div id="header">
|
|
<div id="menu">
|
|
|
|
<a href="_index.html">Index</a> »
|
|
<span class="title">File: README</span>
|
|
|
|
|
|
<div class="noframes"><span class="title">(</span><a href="." target="_top">no frames</a><span class="title">)</span></div>
|
|
</div>
|
|
|
|
<div id="search">
|
|
|
|
<a class="full_list_link" id="class_list_link"
|
|
href="class_list.html">
|
|
Class List
|
|
</a>
|
|
|
|
<a class="full_list_link" id="method_list_link"
|
|
href="method_list.html">
|
|
Method List
|
|
</a>
|
|
|
|
<a class="full_list_link" id="file_list_link"
|
|
href="file_list.html">
|
|
File List
|
|
</a>
|
|
|
|
</div>
|
|
<div class="clear"></div>
|
|
</div>
|
|
|
|
<iframe id="search_frame"></iframe>
|
|
|
|
<div id="content"><div id='filecontents'>
|
|
<p><em>__</em></p>
|
|
|
|
<pre class="code ruby"><code class="ruby">__ _______ _____
|
|
\ \ / / __ \ / ____|
|
|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
|
|
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
|
|
\ /\ / | | ____) | (__| (_| | | | |
|
|
\/ \/ |_| |_____/ \___|\__,_|_| |_|</code></pre>
|
|
|
|
<p><em>__</em></p>
|
|
|
|
<h2>LICENSE==</h2>
|
|
|
|
<p>WPScan - WordPress Security Scanner Copyright (C) 2011-2013 The WPScan Team</p>
|
|
|
|
<p>This program is free software: you can redistribute it and/or modify it
|
|
under the terms of the GNU General Public License as published by the Free
|
|
Software Foundation, either version 3 of the License, or (at your option)
|
|
any later version.</p>
|
|
|
|
<p>This program is distributed in the hope that it will be useful, but WITHOUT
|
|
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
|
more details.</p>
|
|
|
|
<p>You should have received a copy of the GNU General Public License along
|
|
with this program. If not, see <<a
|
|
href="http://www.gnu.org/licenses">www.gnu.org/licenses</a>/>.</p>
|
|
|
|
<p>ryandewhurst at gmail</p>
|
|
|
|
<h2>INSTALL==</h2>
|
|
|
|
<pre class="code ruby"><code class="ruby">WPScan comes pre-installed on the following Linux distributions:
|
|
|
|
* BackBox Linux
|
|
* BackTrack Linux
|
|
* Pentoo
|
|
* SamuraiWTF
|
|
|
|
Prerequisites:
|
|
|
|
* Windows not supported
|
|
* Ruby >= 1.9.2 - Recommended: 1.9.3
|
|
* Curl >= 7.21 - Recommended: latest - FYI the 7.29 has a segfault
|
|
* RubyGems - Recommended: latest
|
|
* Git
|
|
|
|
-> Installing on Debian/Ubuntu:
|
|
|
|
sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
|
|
git clone https://github.com/wpscanteam/wpscan.git
|
|
cd wpscan
|
|
sudo gem install bundler && bundle install --without test development
|
|
|
|
-> Installing on Fedora:
|
|
|
|
sudo yum install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel
|
|
git clone https://github.com/wpscanteam/wpscan.git
|
|
cd wpscan
|
|
sudo gem install bundler && bundle install --without test development
|
|
|
|
-> Installing on Archlinux:
|
|
|
|
pacman -Syu ruby
|
|
pacman -Syu libyaml
|
|
|
|
git clone https://github.com/wpscanteam/wpscan.git
|
|
cd wpscan
|
|
sudo gem install bundler && bundle install --without test development
|
|
|
|
gem install typhoeus
|
|
gem install nokogiri
|
|
|
|
-> Installing on Mac OS X:
|
|
|
|
git clone https://github.com/wpscanteam/wpscan.git
|
|
cd wpscan
|
|
sudo gem install bundler && bundle install --without test development</code></pre>
|
|
|
|
<h2>KNOWN ISSUES==</h2>
|
|
|
|
<pre class="code ruby"><code class="ruby">- Typhoeus segmentation fault:
|
|
Update cURL to version => 7.21 (may have to install from source)
|
|
See http://code.google.com/p/wpscan/issues/detail?id=81
|
|
|
|
- Proxy not working:
|
|
Update cURL to version => 7.21.7 (may have to install from source).
|
|
|
|
Installation from sources :
|
|
- Grab the sources from http://curl.haxx.se/download.html
|
|
- Decompress the archive
|
|
- Open the folder with the extracted files
|
|
- Run ./configure
|
|
- Run make
|
|
- Run sudo make install
|
|
- Run sudo ldconfig
|
|
|
|
- cannot load such file -- readline:
|
|
Run sudo aptitude install libreadline5-dev libncurses5-dev
|
|
|
|
Then, open the directory of the readline gem (you have to locate it)
|
|
|
|
cd ~/.rvm/src/ruby-1.9.2-p180/ext/readline
|
|
ruby extconf.rb
|
|
make
|
|
make install
|
|
|
|
See http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/ for more details
|
|
|
|
- no such file to load -- rubygems
|
|
Run update-alternatives --config ruby
|
|
And select your ruby version
|
|
|
|
See https://github.com/wpscanteam/wpscan/issues/148</code></pre>
|
|
|
|
<h2>WPSCAN ARGUMENTS==</h2>
|
|
|
|
<p>--update Update to the latest revision</p>
|
|
|
|
<p>--url | -u <target url> The WordPress URL/domain to scan.</p>
|
|
|
|
<p>--force | -f Forces WPScan to not check if the remote site is running
|
|
WordPress.</p>
|
|
|
|
<p>--enumerate | -e [option(s)] Enumeration.</p>
|
|
|
|
<pre class="code ruby"><code class="ruby">option :
|
|
u usernames from id 1 to 10
|
|
u[10-20] usernames from id 10 to 20 (you must write [] chars)
|
|
p plugins
|
|
vp only vulnerable plugins
|
|
ap all plugins (can take a long time)
|
|
tt timthumbs
|
|
t themes
|
|
vp only vulnerable themes
|
|
at all themes (can take a long time)
|
|
Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
|
|
If no option is supplied, the default is 'vt,tt,u,vp'</code></pre>
|
|
|
|
<p>--exclude-content-based '<regexp or string>' Used with the
|
|
enumeration option, will exclude all occurrences based on the regexp or
|
|
string supplied</p>
|
|
|
|
<pre class="code ruby"><code class="ruby">You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)</code></pre>
|
|
|
|
<p>--config-file | -c <config file> Use the specified config file</p>
|
|
|
|
<p>--follow-redirection If the target url has a redirection, it will be
|
|
followed without asking if you wanted to do so or not</p>
|
|
|
|
<p>--wp-content-dir <wp content dir> WPScan try to find the content
|
|
directory (ie wp-content) by scanning the index page, however you can
|
|
specified it. Subdirectories are allowed</p>
|
|
|
|
<p>--wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir
|
|
but for the plugins directory. If not supplied, WPScan will use
|
|
wp-content-dir/plugins. Subdirectories are allowed</p>
|
|
|
|
<p>--proxy <[protocol://]host:port> Supply a proxy (will override the
|
|
one from conf/browser.conf.json).</p>
|
|
|
|
<pre class="code ruby"><code class="ruby">HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used</code></pre>
|
|
|
|
<p>--proxy-auth <username:password> Supply the proxy login credentials
|
|
(will override the one from conf/browser.conf.json).</p>
|
|
|
|
<p>--basic-auth <username:password> Set the HTTP Basic authentication</p>
|
|
|
|
<p>--wordlist | -w <wordlist> Supply a wordlist for the password bruter
|
|
and do the brute.</p>
|
|
|
|
<p>--threads | -t <number of threads> The number of threads to use
|
|
when multi-threading requests. (will override the value from
|
|
conf/browser.conf.json)</p>
|
|
|
|
<p>--username | -U <username> Only brute force the supplied username.</p>
|
|
|
|
<p>--help | -h This help screen.</p>
|
|
|
|
<p>--verbose | -v Verbose output.</p>
|
|
|
|
<h2>WPSCAN EXAMPLES==</h2>
|
|
|
|
<p>Do 'non-intrusive' checks...</p>
|
|
|
|
<pre class="code ruby"><code class="ruby">ruby wpscan.rb --url www.example.com</code></pre>
|
|
|
|
<p>Do wordlist password brute force on enumerated users using 50 threads...</p>
|
|
|
|
<pre class="code ruby"><code class="ruby">ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50</code></pre>
|
|
|
|
<p>Do wordlist password brute force on the 'admin' username only...</p>
|
|
|
|
<pre class="code ruby"><code class="ruby">ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin</code></pre>
|
|
|
|
<p>Enumerate installed plugins...</p>
|
|
|
|
<pre class="code ruby"><code class="ruby">ruby wpscan.rb --url www.example.com --enumerate p</code></pre>
|
|
|
|
<p>Run all enumeration tools...</p>
|
|
|
|
<pre class="code ruby"><code class="ruby">ruby wpscan.rb --url www.example.com --enumerate</code></pre>
|
|
|
|
<p>Use custom content directory...</p>
|
|
|
|
<pre class="code ruby"><code class="ruby">ruby wpscan.rb -u www.example.com --wp-content-dir custom-content</code></pre>
|
|
|
|
<p>Update WPScan...</p>
|
|
|
|
<pre class="code ruby"><code class="ruby"><span class='id identifier rubyid_ruby'>ruby</span> <span class='id identifier rubyid_wpscan'>wpscan</span><span class='period'>.</span><span class='id identifier rubyid_rb'>rb</span> <span class='op'>-</span><span class='op'>-</span><span class='id identifier rubyid_update'>update</span></code></pre>
|
|
|
|
<p>Debug output...</p>
|
|
|
|
<pre class="code ruby"><code class="ruby">ruby wpscan.rb --url www.example.com --debug-output 2>debug.log</code></pre>
|
|
|
|
<h2>WPSTOOLS ARGUMENTS==</h2>
|
|
|
|
<p>--help | -h This help screen. --Verbose | -v Verbose output.
|
|
--update | -u Update to the latest revision. --generate_plugin_list
|
|
[number of pages] Generate a new data/plugins.txt file. (supply number of
|
|
<b>pages</b> to parse, default : 150) --gpl Alias for
|
|
--generate_plugin_list --check-local-vulnerable-files | --clvf <local
|
|
directory> Perform a recursive scan in the <local directory> to
|
|
find vulnerable files or shells</p>
|
|
|
|
<h2>WPSTOOLS EXAMPLES==</h2>
|
|
<ul><li>
|
|
<p>Generate a new 'most popular' plugin list, up to 150 pages ...</p>
|
|
</li></ul>
|
|
|
|
<p>ruby wpstools.rb --generate_plugin_list 150</p>
|
|
<ul><li>
|
|
<p>Locally scan a wordpress installation for vulnerable files or shells :</p>
|
|
</li></ul>
|
|
|
|
<p>ruby wpstools.rb --check-local-vulnerable-files /var/www/wordpress/</p>
|
|
|
|
<h3>PROJECT HOME===</h3>
|
|
|
|
<p><a href="http://www.wpscan.org">www.wpscan.org</a></p>
|
|
|
|
<h3>REPOSITORY===</h3>
|
|
|
|
<p><a
|
|
href="https://github.com/wpscanteam/wpscan">github.com/wpscanteam/wpscan</a></p>
|
|
|
|
<h3>ISSUES===</h3>
|
|
|
|
<p><a
|
|
href="https://github.com/wpscanteam/wpscan/issues">github.com/wpscanteam/wpscan/issues</a></p>
|
|
|
|
<h3>SPONSOR===</h3>
|
|
|
|
<p>WPScan is sponsored by the RandomStorm Open Source Initiative.</p>
|
|
|
|
<p>Visit RandomStorm at <a
|
|
href="http://www.randomstorm.com">www.randomstorm.com</a></p>
|
|
</div></div>
|
|
|
|
<div id="footer">
|
|
Generated on Fri Jul 19 21:49:35 2013 by
|
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
|
0.8.5.2 (ruby-1.9.3).
|
|
</div>
|
|
|
|
</body>
|
|
</html> |