<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: README [RDoc Documentation]</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet" />
<script src="./js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./LICENSE.html">LICENSE</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTarget/InterestingHeaders.html">WpTarget::InterestingHeaders</a></li>
<li><a href="./WpTarget/Malwares.html">WpTarget::Malwares</a></li>
<li><a href="./WpTarget/WpConfigBackup.html">WpTarget::WpConfigBackup</a></li>
<li><a href="./WpTarget/WpCustomDirectories.html">WpTarget::WpCustomDirectories</a></li>
<li><a href="./WpTarget/WpFullPathDisclosure.html">WpTarget::WpFullPathDisclosure</a></li>
<li><a href="./WpTarget/WpLoginProtection.html">WpTarget::WpLoginProtection</a></li>
<li><a href="./WpTarget/WpReadme.html">WpTarget::WpReadme</a></li>
<li><a href="./WpTarget/WpRegistrable.html">WpTarget::WpRegistrable</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpItem/Existable.html">WpItem::Existable</a></li>
<li><a href="./WpItem/Findable.html">WpItem::Findable</a></li>
<li><a href="./WpItem/Infos.html">WpItem::Infos</a></li>
<li><a href="./WpItem/Output.html">WpItem::Output</a></li>
<li><a href="./WpItem/Versionable.html">WpItem::Versionable</a></li>
<li><a href="./WpItem/Vulnerable.html">WpItem::Vulnerable</a></li>
<li><a href="./Typhoeus.html">Typhoeus</a></li>
<li><a href="./Typhoeus/Request.html">Typhoeus::Request</a></li>
<li><a href="./Typhoeus/Request/Cacheable.html">Typhoeus::Request::Cacheable</a></li>
<li><a href="./Typhoeus/Response.html">Typhoeus::Response</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpTheme/Findable.html">WpTheme::Findable</a></li>
<li><a href="./WpTheme/Versionable.html">WpTheme::Versionable</a></li>
<li><a href="./WpTheme/Vulnerable.html">WpTheme::Vulnerable</a></li>
<li><a href="./WpTimthumb.html">WpTimthumb</a></li>
<li><a href="./WpTimthumb/Existable.html">WpTimthumb::Existable</a></li>
<li><a href="./WpTimthumb/Output.html">WpTimthumb::Output</a></li>
<li><a href="./WpTimthumb/Versionable.html">WpTimthumb::Versionable</a></li>
<li><a href="./WpUsers.html">WpUsers</a></li>
<li><a href="./WpUsers/BruteForcable.html">WpUsers::BruteForcable</a></li>
<li><a href="./WpUsers/Detectable.html">WpUsers::Detectable</a></li>
<li><a href="./WpUsers/Output.html">WpUsers::Output</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVersion/Findable.html">WpVersion::Findable</a></li>
<li><a href="./WpVersion/Output.html">WpVersion::Output</a></li>
<li><a href="./WpVersion/Vulnerable.html">WpVersion::Vulnerable</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./Browser/Actions.html">Browser::Actions</a></li>
<li><a href="./Browser/Options.html">Browser::Options</a></li>
<li><a href="./Terminal.html">Terminal</a></li>
<li><a href="./Terminal/Table.html">Terminal::Table</a></li>
<li><a href="./Terminal/Table/Style.html">Terminal::Table::Style</a></li>
<li><a href="./WpItems.html">WpItems</a></li>
<li><a href="./WpItems/Detectable.html">WpItems::Detectable</a></li>
<li><a href="./WpItems/Output.html">WpItems::Output</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUser/BruteForcable.html">WpUser::BruteForcable</a></li>
<li><a href="./WpUser/Existable.html">WpUser::Existable</a></li>
<li><a href="./Vulnerabilities.html">Vulnerabilities</a></li>
<li><a href="./Vulnerabilities/Output.html">Vulnerabilities::Output</a></li>
<li><a href="./Vulnerability.html">Vulnerability</a></li>
<li><a href="./Vulnerability/Output.html">Vulnerability::Output</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugin/Vulnerable.html">WpPlugin::Vulnerable</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpPlugins/Detectable.html">WpPlugins::Detectable</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpThemes/Detectable.html">WpThemes::Detectable</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpTimthumbs/Detectable.html">WpTimthumbs::Detectable</a></li>
<li><a href="./Array.html">Array</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a></li>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a></li>
<li><a href="./File.html">File</a></li>
<li><a href="./GenerateList.html">GenerateList</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./Plugin.html">Plugin</a></li>
<li><a href="./Plugins.html">Plugins</a></li>
<li><a href="./StatsPlugin.html">StatsPlugin</a></li>
<li><a href="./SvnParser.html">SvnParser</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./TyphoeusCache.html">TyphoeusCache</a></li>
<li><a href="./URI.html">URI</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./VersionCompare.html">VersionCompare</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<p><em>__</em></p>
<pre>__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|</pre>
<p><em>__</em></p>
<h2>LICENSE==</h2>
<p>WPScan - WordPress Security Scanner Copyright (C) 2011-2013 The WPScan Team</p>
<p>This program is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation, either version 3 of the License, or (at your option)
any later version.</p>
<p>This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
more details.</p>
<p>You should have received a copy of the GNU General Public License along
with this program. If not, see <<a
href="http://www.gnu.org/licenses/">www.gnu.org/licenses/</a>>.</p>
<p>ryandewhurst at gmail</p>
<h2>INSTALL==</h2>
<pre>WPScan comes pre-installed on the following Linux distributions:
* BackBox Linux
* BackTrack Linux
* Pentoo
* SamuraiWTF
Prerequisites:
* Windows not supported
* Ruby >= 1.9.2 - Recommended: 1.9.3
* Curl >= 7.21 - Recommended: latest - FYI the 7.29 has a segfault
* RubyGems - Recommended: latest
* Git
-> Installing on Debian/Ubuntu:
sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test development
-> Installing on Fedora:
sudo yum install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test development
-> Installing on Archlinux:
pacman -Syu ruby
pacman -Syu libyaml
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test development
gem install typhoeus
gem install nokogiri
-> Installing on Mac OS X:
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test development</pre>
<h2>KNOWN ISSUES==</h2>
<pre>- Typhoeus segmentation fault:
Update cURL to version => 7.21 (may have to install from source)
See http://code.google.com/p/wpscan/issues/detail?id=81
- Proxy not working:
Update cURL to version => 7.21.7 (may have to install from source).
Installation from sources :
- Grab the sources from http://curl.haxx.se/download.html
- Decompress the archive
- Open the folder with the extracted files
- Run ./configure
- Run make
- Run sudo make install
- Run sudo ldconfig
- cannot load such file -- readline:
Run sudo aptitude install libreadline5-dev libncurses5-dev
Then, open the directory of the readline gem (you have to locate it)
cd ~/.rvm/src/ruby-1.9.2-p180/ext/readline
ruby extconf.rb
make
make install
See http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/ for more details
- no such file to load -- rubygems
Run update-alternatives --config ruby
And select your ruby version
See https://github.com/wpscanteam/wpscan/issues/148</pre>
<h2>WPSCAN ARGUMENTS==</h2>
<p>–update Update to the latest revision</p>
<p>–url | -u <target url> The WordPress URL/domain to scan.</p>
<p>–force | -f Forces WPScan to not check if the remote site is running
WordPress.</p>
<p>–enumerate | -e [option(s)] Enumeration.</p>
<pre>option :
u usernames from id 1 to 10
u[10-20] usernames from id 10 to 20 (you must write [] chars)
p plugins
vp only vulnerable plugins
ap all plugins (can take a long time)
tt timthumbs
t themes
vp only vulnerable themes
at all themes (can take a long time)
Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
If no option is supplied, the default is 'vt,tt,u,vp'</pre>
<p>–exclude-content-based ‘<regexp or string>’ Used with the
enumeration option, will exclude all occurrences based on the regexp or
string supplied</p>
<pre>You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)</pre>
<p>–config-file | -c <config file> Use the specified config file</p>
<p>–follow-redirection If the target url has a redirection, it will be
followed without asking if you wanted to do so or not</p>
<p>–wp-content-dir <wp content dir> WPScan try to find the content
directory (ie wp-content) by scanning the index page, however you can
specified it. Subdirectories are allowed</p>
<p>–wp-plugins-dir <wp plugins dir> Same thing than –wp-content-dir but
for the plugins directory. If not supplied, WPScan will use
wp-content-dir/plugins. Subdirectories are allowed</p>
<p>–proxy <[protocol://]host:port> Supply a proxy (will override the
one from conf/browser.conf.json).</p>
<pre>HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used</pre>
<p>–proxy-auth <username:password> Supply the proxy login credentials
(will override the one from conf/browser.conf.json).</p>
<p>–basic-auth <username:password> Set the HTTP Basic authentication</p>
<p>–wordlist | -w <wordlist> Supply a wordlist for the password bruter
and do the brute.</p>
<p>–threads | -t <number of threads> The number of threads to use when
multi-threading requests. (will override the value from
conf/browser.conf.json)</p>
<p>–username | -U <username> Only brute force the supplied username.</p>
<p>–help | -h This help screen.</p>
<p>–verbose | -v Verbose output.</p>
<h2>WPSCAN EXAMPLES==</h2>
<p>Do ‘non-intrusive’ checks…</p>
<pre>ruby wpscan.rb --url www.example.com</pre>
<p>Do wordlist password brute force on enumerated users using 50 threads…</p>
<pre>ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50</pre>
<p>Do wordlist password brute force on the ‘admin’ username only…</p>
<pre>ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin</pre>
<p>Enumerate installed plugins…</p>
<pre>ruby wpscan.rb --url www.example.com --enumerate p</pre>
<p>Run all enumeration tools…</p>
<pre>ruby wpscan.rb --url www.example.com --enumerate</pre>
<p>Use custom content directory…</p>
<pre>ruby wpscan.rb -u www.example.com --wp-content-dir custom-content</pre>
<p>Update WPScan…</p>
<pre>ruby wpscan.rb --update</pre>
<p>Debug output…</p>
<pre>ruby wpscan.rb --url www.example.com --debug-output 2>debug.log</pre>
<h2>WPSTOOLS ARGUMENTS==</h2>
<p>–help | -h This help screen. –Verbose | -v Verbose output. –update
| -u Update to the latest revision. –generate_plugin_list [number of
pages] Generate a new data/plugins.txt file. (supply number of
<b>pages</b> to parse, default : 150) –gpl Alias for –generate_plugin_list
–check-local-vulnerable-files | –clvf <local directory> Perform a
recursive scan in the <local directory> to find vulnerable files or
shells</p>
<h2>WPSTOOLS EXAMPLES==</h2>
<ul><li>
<p>Generate a new ‘most popular’ plugin list, up to 150 pages …</p>
</li></ul>
<p>ruby <a href="wpstools_rb.html">wpstools.rb</a> –generate_plugin_list 150</p>
<ul><li>
<p>Locally scan a wordpress installation for vulnerable files or shells :</p>
</li></ul>
<p>ruby <a href="wpstools_rb.html">wpstools.rb</a>
–check-local-vulnerable-files /var/www/wordpress/</p>
<h3>PROJECT HOME===</h3>
<p><a href="http://www.wpscan.org">www.wpscan.org</a></p>
<h3>REPOSITORY===</h3>
<p><a
href="https://github.com/wpscanteam/wpscan">github.com/wpscanteam/wpscan</a></p>
<h3>ISSUES===</h3>
<p><a
href="https://github.com/wpscanteam/wpscan/issues">github.com/wpscanteam/wpscan/issues</a></p>
<h3>SPONSOR===</h3>
<p>WPScan is sponsored by the RandomStorm Open Source Initiative.</p>
<p>Visit RandomStorm at <a
href="http://www.randomstorm.com">www.randomstorm.com</a></p>
</div>
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>
