garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
fe1191a51ed0d226ab313e90e77b43ee6538661d
wpscan/doc/README.html
Christian Mehlmauer 9b6a2805d7 custom plugins directory
2012-09-22 23:50:14 +02:00

330 lines
11 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: README [RDoc Documentation]</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet" />
<script src="./js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<p><em>__</em></p>
<pre>__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|</pre>
<p><em>__</em></p>
<h2>LICENSE==</h2>
<p>WPScan - WordPress Security Scanner Copyright (C) 2011 Ryan Dewhurst AKA
ethicalhack3r</p>
<p>This program is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation, either version 3 of the License, or (at your option)
any later version.</p>
<p>This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
more details.</p>
<p>You should have received a copy of the GNU General Public License along
with this program. If not, see &lt;<a
href="http://www.gnu.org/licenses/">www.gnu.org/licenses/</a>&gt;.</p>
<p>ryandewhurst at gmail</p>
<h2>INSTALL==</h2>
<p>WPScan comes pre-installed on BackTrack5 R1 in the /pentest/web/wpscan
directory. WPScan only supports Ruby =&gt; 1.9.</p>
<pre>-&gt; Installing on Backtrack5 Gnome/KDE 32bit :
sudo apt-get install libcurl4-gnutls-dev
sudo gem install --user-install mime-types typhoeus nokogiri json
-&gt; Installing on Debian/Ubuntu :
sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby
sudo gem install typhoeus nokogiri json
-&gt; Installing on other nix : (not tested)
sudo gem install typhoeus nokogiri json
-&gt; Installing on Windows : (not tested)
gem install typhoeus (&quot;Windows is not officially supported&quot;)
gem install nokogiri json
-&gt; Installing on Mac OSX :
sudo gem install typhoeus nokogiri json</pre>
<h2>KNOWN ISSUES==</h2>
<pre>- Typhoeus segmentation fault
Update curl to at least v7.21 (you may have to install it from sources)
See http://code.google.com/p/wpscan/issues/detail?id=81
- If you have one the following errors : &quot;-bash: !t: event not found&quot;, &quot;-bash: !u: event not found&quot;
It happens with enumeration : just put the 't' or 'u' before the 'p!' : '-e tp!' instead of '-e p!t'</pre>
<h2>WPSCAN ARGUMENTS==</h2>
<p>update Update to the latest revision</p>
<p>url | -u &lt;target url&gt; The WordPress URL/domain to scan.</p>
<p>force | -f Forces WPScan to not check if the remote site is running
WordPress.</p>
<p>enumerate | -e [option(s)] Enumeration.</p>
<pre>option :
u usernames from id 1 to 10
u[10-20] usernames from id 10 to 20 (you must write [] chars)
p plugins
p! only vulnerable plugins
t timthumbs
Multiple values are allowed : '-e tp' will enumerate timthumbs and plugins
If no option is supplied, the default is 'tup!'</pre>
<p>config-file | -c &lt;config file&gt; Use the specified config file</p>
<p>follow-redirection If the target url has a redirection, it will be
followed without asking if you wanted to do so or not</p>
<p>wp-content-dir &lt;wp content dir&gt; WPScan try to find the content
directory (ie wp-content) by scanning the index page, however you can
specified it. Subdirectories are allowed</p>
<p>wp-plugins-dir &lt;wp plugins dir&gt; Same thing than wp-content-dir but
for the plugins directory. If not supplied, WPScan will use
wp-content-dir/plugins. Subdirectories are allowed</p>
<p>proxy Supply a proxy in the format host:port or protocol://host:port
(will override the one from conf/browser.conf.json). HTTP, SOCKS4 SOCKS4A
and SOCKS5 are supported. If no protocol is given (format host:port), HTTP
will be used</p>
<p>wordlist | -w &lt;wordlist&gt; Supply a wordlist for the password bruter
and do the brute.</p>
<p>threads | -t &lt;number of threads&gt; The number of threads to use when
multi-threading requests. (will override the value from
conf/browser.conf.json)</p>
<p>username | -U &lt;username&gt; Only brute force the supplied username.</p>
<p>help | -h This help screen.</p>
<p>verbose | -v Verbose output.</p>
<h2>WPSCAN EXAMPLES==</h2>
<p>Do non-intrusive checks…</p>
<pre>ruby wpscan.rb --url www.example.com</pre>
<p>Do wordlist password brute force on enumerated users using 50 threads…</p>
<pre>ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50</pre>
<p>Do wordlist password brute force on the admin username only…</p>
<pre>ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin</pre>
<p>Enumerate instaled plugins…</p>
<pre>ruby wpscan.rb --url www.example.com --enumerate p</pre>
<h2>WPSTOOLS ARGUMENTS==</h2>
<p>help | -h This help screen. Verbose | -v Verbose output. update
| -u Update to the latest revision. generate_plugin_list [number of
pages] Generate a new data/plugins.txt file. (supply number of
<b>pages</b> to parse, default : 150) gpl Alias for generate_plugin_list</p>
<h2>WPSTOOLS EXAMPLES==</h2>
<ul><li>
<p>Generate a new most popular plugin list, up to 150 pages …</p>
</li></ul>
<p>ruby <a href="wpstools_rb.html">wpstools.rb</a> generate_plugin_list 150</p>
<h3>PROJECT HOME===</h3>
<p><a href="http://www.wpscan.org">www.wpscan.org</a></p>
<h3>REPOSITORY===</h3>
<p><a
href="https://github.com/wpscanteam/wpscan">github.com/wpscanteam/wpscan</a></p>
<h3>ISSUES===</h3>
<p><a
href="https://github.com/wpscanteam/wpscan/issues">github.com/wpscanteam/wpscan/issues</a></p>
<h3>SPONSOR===</h3>
<p>WPScan is sponsored by the RandomStorm Open Source Initiative.</p>
<p>Visit RandomStorm at <a
href="http://www.randomstorm.com">www.randomstorm.com</a></p>
</div>
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink