garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
9e1af4e837564c30881cd3404a9f92046d4707ef
wpscan/README
erwanlr 9e1af4e837 Instruction for curl installation from sources
2012-12-06 11:11:26 -06:00

179 lines
5.8 KiB
Plaintext
Raw Blame History

__________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
__________________________________________________
==LICENSE==
WPScan - WordPress Security Scanner
Copyright (C) 2011-2012 Ryan Dewhurst AKA ethicalhack3r
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
ryandewhurst at gmail
==INSTALL==
WPScan comes pre-installed on the following Linux distributions:
* BackBox Linux
* BackTrack Linux (outdated WPScan installed, update needed)
* Pentoo
* SamuraiWTF
Prerequisites:
* Windows not supported
* Ruby => 1.9
* RubyGems
* Git
-> Installing on Debian/Ubuntu:
sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install
-> Installing on Fedora:
sudo yum install libcurl-devel
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install
-> Installing on Mac OS X:
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install
==KNOWN ISSUES==
- Typhoeus segmentation fault:
Update cURL to version => 7.21 (may have to install from source)
See http://code.google.com/p/wpscan/issues/detail?id=81
- If you have one the following errors: "-bash: !t: event not found", "-bash: !u: event not found"
It happens with enumeration : just put the 't' or 'u' before the 'p!' : '-e tp!' instead of '-e p!t'
- Proxy not working:
Update cURL to version => 7.21.7 (may have to install from source).
Installation from sources :
- Grab the sources from http://curl.haxx.se/download.html
- Decompress the archive
- Open the folder with the extracted files
- Run ./configure
- Run make
- Run sudo make install
- Run sudo ldconfig
==WPSCAN ARGUMENTS==
--update Update to the latest revision
--url | -u <target url> The WordPress URL/domain to scan.
--force | -f Forces WPScan to not check if the remote site is running WordPress.
--enumerate | -e [option(s)] Enumeration.
option :
u usernames from id 1 to 10
u[10-20] usernames from id 10 to 20 (you must write [] chars)
p plugins
vp only vulnerable plugins
ap all plugins (can take a long time)
tt timthumbs
t themes
vp only vulnerable themes
at all themes (can take a long time)
Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
If no option is supplied, the default is 'vt,tt,u,vp'
--config-file | -c <config file> Use the specified config file
--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not
--wp-content-dir <wp content dir> WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed
--wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
--proxy Supply a proxy in the format host:port or protocol://host:port (will override the one from conf/browser.conf.json). HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
--proxy-auth Supply the proxy login credentials in the format username:password (will override the one from conf/browser.conf.json).
--wordlist | -w <wordlist> Supply a wordlist for the password bruter and do the brute.
--threads | -t <number of threads> The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)
--username | -U <username> Only brute force the supplied username.
--help | -h This help screen.
--verbose | -v Verbose output.
==WPSCAN EXAMPLES==
Do 'non-intrusive' checks...
ruby wpscan.rb --url www.example.com
Do wordlist password brute force on enumerated users using 50 threads...
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
Do wordlist password brute force on the 'admin' username only...
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
Enumerate instaled plugins...
ruby wpscan.rb --url www.example.com --enumerate p
==WPSTOOLS ARGUMENTS==
--help | -h This help screen.
--Verbose | -v Verbose output.
--update | -u Update to the latest revision.
--generate_plugin_list [number of pages] Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
--gpl Alias for --generate_plugin_list
==WPSTOOLS EXAMPLES==
- Generate a new 'most popular' plugin list, up to 150 pages ...
ruby wpstools.rb --generate_plugin_list 150
===PROJECT HOME===
www.wpscan.org
===REPOSITORY===
https://github.com/wpscanteam/wpscan
===ISSUES===
https://github.com/wpscanteam/wpscan/issues
===SPONSOR===
WPScan is sponsored by the RandomStorm Open Source Initiative.
Visit RandomStorm at http://www.randomstorm.com
Reference in New Issue View Git Blame Copy Permalink