garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
5a4dd31ba7b15aeae714091d8e25eaf555f38984
wpscan/doc_rdoc/README_md.html
Christian Mehlmauer a38c709d74 Updated documentation
2013-04-30 23:06:37 +02:00

538 lines
21 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>README - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body class="file">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="table-of-contents">
<nav class="section">
<h3 class="section-header">Table of Contents</h3>
<ul>
<li><a href="#label-LICENSE">LICENSE</a>
<li><a href="#label-INSTALL">INSTALL</a>
<li><a href="#label-KNOWN+ISSUES">KNOWN ISSUES</a>
<li><a href="#label-WPSCAN+ARGUMENTS">WPSCAN ARGUMENTS</a>
<li><a href="#label-WPSCAN+EXAMPLES">WPSCAN EXAMPLES</a>
<li><a href="#label-WPSTOOLS+ARGUMENTS">WPSTOOLS ARGUMENTS</a>
<li><a href="#label-WPSTOOLS+EXAMPLES">WPSTOOLS EXAMPLES</a>
<li><a href="#label-PROJECT+HOME">PROJECT HOME</a>
<li><a href="#label-GIT+REPOSITORY">GIT REPOSITORY</a>
<li><a href="#label-ISSUES">ISSUES</a>
<li><a href="#label-SPONSOR">SPONSOR</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./Gemfile_lock.html">Gemfile.lock</a>
<li class="file"><a href="./LICENSE.html">LICENSE</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./README_md.html">README</a>
<li class="file"><a href="./conf/browser_conf_json.html">browser.conf.json</a>
<li class="file"><a href="./generate_doc_sh.html">generate_doc.sh</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./Browser/Actions.html">Browser::Actions</a>
<li><a href="./Browser/Options.html">Browser::Options</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./Ethon.html">Ethon</a>
<li><a href="./Ethon/Easy.html">Ethon::Easy</a>
<li><a href="./Ethon/Easy/Options.html">Ethon::Easy::Options</a>
<li><a href="./File.html">File</a>
<li><a href="./Gem.html">Gem</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./StatsPlugin.html">StatsPlugin</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./Terminal.html">Terminal</a>
<li><a href="./Terminal/Table.html">Terminal::Table</a>
<li><a href="./Terminal/Table/Style.html">Terminal::Table::Style</a>
<li><a href="./Typhoeus.html">Typhoeus</a>
<li><a href="./Typhoeus/Request.html">Typhoeus::Request</a>
<li><a href="./Typhoeus/Request/Cacheable.html">Typhoeus::Request::Cacheable</a>
<li><a href="./Typhoeus/Response.html">Typhoeus::Response</a>
<li><a href="./TyphoeusCache.html">TyphoeusCache</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerabilities.html">Vulnerabilities</a>
<li><a href="./Vulnerabilities/Output.html">Vulnerabilities::Output</a>
<li><a href="./Vulnerability.html">Vulnerability</a>
<li><a href="./Vulnerability/Output.html">Vulnerability::Output</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpItem/Existable.html">WpItem::Existable</a>
<li><a href="./WpItem/Findable.html">WpItem::Findable</a>
<li><a href="./WpItem/Infos.html">WpItem::Infos</a>
<li><a href="./WpItem/Output.html">WpItem::Output</a>
<li><a href="./WpItem/Versionable.html">WpItem::Versionable</a>
<li><a href="./WpItem/Vulnerable.html">WpItem::Vulnerable</a>
<li><a href="./WpItems.html">WpItems</a>
<li><a href="./WpItems/Detectable.html">WpItems::Detectable</a>
<li><a href="./WpItems/Output.html">WpItems::Output</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugin/Vulnerable.html">WpPlugin::Vulnerable</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpPlugins/Detectable.html">WpPlugins::Detectable</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTarget/Malwares.html">WpTarget::Malwares</a>
<li><a href="./WpTarget/WpConfigBackup.html">WpTarget::WpConfigBackup</a>
<li><a href="./WpTarget/WpCustomDirectories.html">WpTarget::WpCustomDirectories</a>
<li><a href="./WpTarget/WpFullPathDisclosure.html">WpTarget::WpFullPathDisclosure</a>
<li><a href="./WpTarget/WpLoginProtection.html">WpTarget::WpLoginProtection</a>
<li><a href="./WpTarget/WpReadme.html">WpTarget::WpReadme</a>
<li><a href="./WpTarget/WpRegistrable.html">WpTarget::WpRegistrable</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpTheme/Findable.html">WpTheme::Findable</a>
<li><a href="./WpTheme/Versionable.html">WpTheme::Versionable</a>
<li><a href="./WpTheme/Vulnerable.html">WpTheme::Vulnerable</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpThemes/Detectable.html">WpThemes::Detectable</a>
<li><a href="./WpTimthumb.html">WpTimthumb</a>
<li><a href="./WpTimthumb/Existable.html">WpTimthumb::Existable</a>
<li><a href="./WpTimthumb/Output.html">WpTimthumb::Output</a>
<li><a href="./WpTimthumb/Versionable.html">WpTimthumb::Versionable</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpTimthumbs/Detectable.html">WpTimthumbs::Detectable</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUser/BruteForcable.html">WpUser::BruteForcable</a>
<li><a href="./WpUser/Existable.html">WpUser::Existable</a>
<li><a href="./WpUsers.html">WpUsers</a>
<li><a href="./WpUsers/BruteForcable.html">WpUsers::BruteForcable</a>
<li><a href="./WpUsers/Detectable.html">WpUsers::Detectable</a>
<li><a href="./WpUsers/Output.html">WpUsers::Output</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVersion/Findable.html">WpVersion::Findable</a>
<li><a href="./WpVersion/Output.html">WpVersion::Output</a>
<li><a href="./WpVersion/Vulnerable.html">WpVersion::Vulnerable</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation" class="description">
<p><img src="http://dvwa.co.uk/images/wpscan_logo_407x80.png" /></p>
<h4 id="label-LICENSE"><a href="LICENSE.html">LICENSE</a><span><a href="#label-LICENSE">&para;</a> <a href="#documentation">&uarr;</a></span></h4>
<p>WPScan - WordPress Security Scanner Copyright (C), 2011-2013 The WPScan
Team</p>
<p>This program is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation, either version 3 of the License, or (at your option)
any later version.</p>
<p>This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
more details.</p>
<p>You should have received a copy of the GNU General Public License along
with this program. If not, see <a
href="http://www.gnu.org/licenses">www.gnu.org/licenses</a>/.</p>
<p>ryandewhurst at gmail</p>
<h4 id="label-INSTALL">INSTALL<span><a href="#label-INSTALL">&para;</a> <a href="#documentation">&uarr;</a></span></h4>
<p>WPScan comes pre-installed on the following Linux distributions:</p>
<ul><li>
<p><a href="http://www.backbox.org/">BackBox Linux</a></p>
</li><li>
<p><a href="http://www.backtrack-linux.org/">BackTrack Linux</a> (outdated
WPScan installed, update needed)</p>
</li><li>
<p><a href="http://www.pentoo.ch/">Pentoo</a></p>
</li><li>
<p><a href="http://samurai.inguardians.com/">SamuraiWTF</a></p>
</li></ul>
<p>Prerequisites:</p>
<ul><li>
<p>Windows not supported</p>
</li><li>
<p>Ruby =&gt; 1.9</p>
</li><li>
<p>RubyGems</p>
</li><li>
<p>Git</p>
</li></ul>
<p><em>Installing on Debian/Ubuntu:</em></p>
<pre>apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev</pre>
<pre>clone https://github.com/wpscanteam/wpscan.git</pre>
<pre>wpscan</pre>
<pre>gem install bundler &amp;&amp; bundle install --without test development</pre>
<p><em>Installing on Fedora:</em></p>
<pre>yum install libcurl-devel</pre>
<pre>clone https://github.com/wpscanteam/wpscan.git</pre>
<pre>wpscan</pre>
<pre>gem install bundler &amp;&amp; bundle install --without test development</pre>
<p><em>Installing on Archlinux:</em></p>
<pre>-Sy ruby</pre>
<pre>-Sy libyaml</pre>
<pre>clone https://github.com/wpscanteam/wpscan.git</pre>
<pre>wpscan</pre>
<pre>gem install bundler &amp;&amp; bundle install --without test development</pre>
<pre>install typhoeus</pre>
<pre>install nokogiri</pre>
<p><em>Installing on Mac OSX:</em></p>
<pre>clone https://github.com/wpscanteam/wpscan.git</pre>
<pre>wpscan</pre>
<pre>gem install bundler &amp;&amp; bundle install --without test development</pre>
<h4 id="label-KNOWN+ISSUES">KNOWN ISSUES<span><a href="#label-KNOWN+ISSUES">&para;</a> <a href="#documentation">&uarr;</a></span></h4>
<ul><li>
<p><a href="Typhoeus.html">Typhoeus</a> segmentation fault</p>
<p>Update cURL to version =&gt; 7.21 (may have to install from source) See
<a
href="http://code.google.com/p/wpscan/issues/detail?id=81">code.google.com/p/wpscan/issues/detail?id=81</a></p>
</li><li>
<p>Proxy not working</p>
<p>Update cURL to version =&gt; 7.21.7 (may have to install from source).</p>
<p>Installation from sources : <code> Grab the sources from
http://curl.haxx.se/download.html Decompress the archive Open the
folder with the extracted files Run ./configure Run make Run
sudo make install Run sudo ldconfig </code></p>
</li><li>
<p>cannot load such file -- readline:</p>
<p><code>sudo aptitude install libreadline5-dev libncurses5-dev</code></p>
<p>Then, open the directory of the readline gem (you have to locate it)
<code> cd ~/.rvm/src/ruby-1.9.2-p180/ext/readline ruby extconf.rb
make make install </code></p>
<p>See <a
href="http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console">vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console</a>/
for more details</p>
</li><li>
<p>no such file to load -- rubygems</p>
<p><code>update-alternatives --config ruby</code></p>
<p>And select your ruby version</p>
<p>See <a
href="https://github.com/wpscanteam/wpscan/issues/148">github.com/wpscanteam/wpscan/issues/148</a></p>
</li></ul>
<h4 id="label-WPSCAN+ARGUMENTS">WPSCAN ARGUMENTS<span><a href="#label-WPSCAN+ARGUMENTS">&para;</a> <a href="#documentation">&uarr;</a></span></h4>
<pre>--update Update to the latest revision
--url | -u &lt;target url&gt; The WordPress URL/domain to scan.
--force | -f Forces WPScan to not check if the remote site is running WordPress.
--enumerate | -e [option(s)] Enumeration.
option :
u usernames from id 1 to 10
u[10-20] usernames from id 10 to 20 (you must write [] chars)
p plugins
vp only vulnerable plugins
ap all plugins (can take a long time)
tt timthumbs
t themes
vt only vulnerable themes
at all themes (can take a long time)
Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
If no option is supplied, the default is 'vt,tt,u,vp'
--exclude-content-based '&lt;regexp or string&gt;' Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied
You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
--config-file | -c &lt;config file&gt; Use the specified config file
--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not
--wp-content-dir &lt;wp content dir&gt; WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed
--wp-plugins-dir &lt;wp plugins dir&gt; Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
--proxy &lt;[protocol://]host:port&gt; Supply a proxy (will override the one from conf/browser.conf.json).
HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
--proxy-auth &lt;username:password&gt; Supply the proxy login credentials (will override the one from conf/browser.conf.json).
--basic-auth &lt;username:password&gt; Set the HTTP Basic authentication
--wordlist | -w &lt;wordlist&gt; Supply a wordlist for the password bruter and do the brute.
--threads | -t &lt;number of threads&gt; The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)
--username | -U &lt;username&gt; Only brute force the supplied username.
--help | -h This help screen.
--verbose | -v Verbose output.</pre>
<h4 id="label-WPSCAN+EXAMPLES">WPSCAN EXAMPLES<span><a href="#label-WPSCAN+EXAMPLES">&para;</a> <a href="#documentation">&uarr;</a></span></h4>
<p>Do non-intrusive checks…</p>
<pre class="ruby"><span class="ruby-identifier">wpscan</span>.<span class="ruby-identifier">rb</span> <span class="ruby-operator">-</span><span class="ruby-operator">-</span><span class="ruby-identifier">url</span> <span class="ruby-identifier">www</span>.<span class="ruby-identifier">example</span>.<span class="ruby-identifier">com</span>
</pre>
<p>Do wordlist password brute force on enumerated users using 50 threads…</p>
<pre class="ruby"><span class="ruby-identifier">wpscan</span>.<span class="ruby-identifier">rb</span> <span class="ruby-operator">-</span><span class="ruby-operator">-</span><span class="ruby-identifier">url</span> <span class="ruby-identifier">www</span>.<span class="ruby-identifier">example</span>.<span class="ruby-identifier">com</span> <span class="ruby-operator">-</span><span class="ruby-operator">-</span><span class="ruby-identifier">wordlist</span> <span class="ruby-identifier">darkc0de</span>.<span class="ruby-identifier">lst</span> <span class="ruby-operator">-</span><span class="ruby-operator">-</span><span class="ruby-identifier">threads</span> <span class="ruby-value">50</span>
</pre>
<p>Do wordlist password brute force on the admin username only…</p>
<pre class="ruby"><span class="ruby-identifier">wpscan</span>.<span class="ruby-identifier">rb</span> <span class="ruby-operator">-</span><span class="ruby-operator">-</span><span class="ruby-identifier">url</span> <span class="ruby-identifier">www</span>.<span class="ruby-identifier">example</span>.<span class="ruby-identifier">com</span> <span class="ruby-operator">-</span><span class="ruby-operator">-</span><span class="ruby-identifier">wordlist</span> <span class="ruby-identifier">darkc0de</span>.<span class="ruby-identifier">lst</span> <span class="ruby-operator">-</span><span class="ruby-operator">-</span><span class="ruby-identifier">username</span> <span class="ruby-identifier">admin</span>
</pre>
<p>Enumerate installed plugins…</p>
<pre class="ruby"><span class="ruby-identifier">wpscan</span>.<span class="ruby-identifier">rb</span> <span class="ruby-operator">-</span><span class="ruby-operator">-</span><span class="ruby-identifier">url</span> <span class="ruby-identifier">www</span>.<span class="ruby-identifier">example</span>.<span class="ruby-identifier">com</span> <span class="ruby-operator">-</span><span class="ruby-operator">-</span><span class="ruby-identifier">enumerate</span> <span class="ruby-identifier">p</span>
</pre>
<p>Run all enumeration tools…</p>
<pre class="ruby"><span class="ruby-identifier">wpscan</span>.<span class="ruby-identifier">rb</span> <span class="ruby-operator">-</span><span class="ruby-operator">-</span><span class="ruby-identifier">url</span> <span class="ruby-identifier">www</span>.<span class="ruby-identifier">example</span>.<span class="ruby-identifier">com</span> <span class="ruby-operator">-</span><span class="ruby-operator">-</span><span class="ruby-identifier">enumerate</span>
</pre>
<p>Use custom content directory…</p>
<pre class="ruby"><span class="ruby-identifier">wpscan</span>.<span class="ruby-identifier">rb</span> <span class="ruby-operator">-</span><span class="ruby-identifier">u</span> <span class="ruby-identifier">www</span>.<span class="ruby-identifier">example</span>.<span class="ruby-identifier">com</span> <span class="ruby-operator">-</span><span class="ruby-operator">-</span><span class="ruby-identifier">wp</span><span class="ruby-operator">-</span><span class="ruby-identifier">content</span><span class="ruby-operator">-</span><span class="ruby-identifier">dir</span> <span class="ruby-identifier">custom</span><span class="ruby-operator">-</span><span class="ruby-identifier">content</span>
</pre>
<p>Update WPScan…</p>
<pre class="ruby"><span class="ruby-identifier">wpscan</span>.<span class="ruby-identifier">rb</span> <span class="ruby-operator">-</span><span class="ruby-operator">-</span><span class="ruby-identifier">update</span>
</pre>
<h4 id="label-WPSTOOLS+ARGUMENTS">WPSTOOLS ARGUMENTS<span><a href="#label-WPSTOOLS+ARGUMENTS">&para;</a> <a href="#documentation">&uarr;</a></span></h4>
<pre>--help | -h This help screen.
--Verbose | -v Verbose output.
--update | -u Update to the latest revision.
--generate_plugin_list [number of pages] Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
--gpl Alias for --generate_plugin_list
--check-local-vulnerable-files | --clvf &lt;local directory&gt; Perform a recursive scan in the &lt;local directory&gt; to find vulnerable files or shells</pre>
<h4 id="label-WPSTOOLS+EXAMPLES">WPSTOOLS EXAMPLES<span><a href="#label-WPSTOOLS+EXAMPLES">&para;</a> <a href="#documentation">&uarr;</a></span></h4>
<p>Generate a new most popular plugin list, up to 150 pages…</p>
<pre class="ruby"><span class="ruby-identifier">wpstools</span>.<span class="ruby-identifier">rb</span> <span class="ruby-operator">-</span><span class="ruby-operator">-</span><span class="ruby-identifier">generate_plugin_list</span> <span class="ruby-value">150</span>
</pre>
<p>Locally scan a wordpress installation for vulnerable files or shells :
<code>ruby wpstools.rb --check-local-vulnerable-files
/var/www/wordpress/</code></p>
<h4 id="label-PROJECT+HOME">PROJECT HOME<span><a href="#label-PROJECT+HOME">&para;</a> <a href="#documentation">&uarr;</a></span></h4>
<p><a href="http://www.wpscan.org">www.wpscan.org</a></p>
<h4 id="label-GIT+REPOSITORY">GIT REPOSITORY<span><a href="#label-GIT+REPOSITORY">&para;</a> <a href="#documentation">&uarr;</a></span></h4>
<p><a
href="https://github.com/wpscanteam/wpscan">github.com/wpscanteam/wpscan</a></p>
<h4 id="label-ISSUES">ISSUES<span><a href="#label-ISSUES">&para;</a> <a href="#documentation">&uarr;</a></span></h4>
<p><a
href="https://github.com/wpscanteam/wpscan/issues">github.com/wpscanteam/wpscan/issues</a></p>
<h4 id="label-SPONSOR">SPONSOR<span><a href="#label-SPONSOR">&para;</a> <a href="#documentation">&uarr;</a></span></h4>
<p>WPScan is sponsored by the <a
href="http://www.randomstorm.com">RandomStorm</a> Open Source Initiative.</p>
</div>
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 4.0.1.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>
Reference in New Issue View Git Blame Copy Permalink