Updated WPScan User Documentation (markdown)

Ryan Dewhurst
2021-02-01 13:30:45 +01:00
parent a2b36100df
commit 2c9e00b348

@@ -79,15 +79,19 @@ WPScan keeps a local database of metadata that is used to output useful informat
_Please note that this data does not include the vulnerability data. See [Vulnerability Database](https://github.com/wpscanteam/wpscan/wiki/WPScan-User-Documentation#vulnerability-database) for information on the vulnerability data._
## Vulnerability Database
## Optional: WordPress Vulnerability Database API
WPScan uses the [WordPress Vulnerability Database](https://wpscan.com/api) API in real time to retrieve known vulnerabilities that affect WordPress core, plugins and themes.
The WPScan CLI tool uses the [WordPress Vulnerability Database API](https://wpscan.com/api) to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the `--api-token` option, or via a configuration file, as discussed below. An API token can be obtained by registering an account on [WPScan.com](https://wpscan.com/register).
For the vulnerability information to be shown within WPScan you will need to supply an API token with the `--api-token YOUR_TOKEN` option. Alternatively, you can supply the API token from a WPScan configuration file.
Up to 25 API requests per day are given free of charge, that should be suitable to scan most WordPress websites at least once. When the daily 25 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data. Users can upgrade to paid API usage to increase their API limits within their user profile on [WPScan.com](https://wpscan.com/).
A free API token is available, as well as paid plans, depending on your usage needs.
#### The Free plan allows 25 API requests per day. View the different [available API plans](https://wpscan.com/api).
If you do not supply an API token, WPScan will work as normal, with the exception that when a WordPress version, plugin or theme is detected, the associated known vulnerabilities will not be displayed.
### How many API requests do you need?
- Our WordPress scanner makes one API request for the WordPress version, one request per installed plugin and one request per installed theme.
- On average, a WordPress website has 22 installed plugins.
- The Free plan should cover around 50% of all WordPress websites.
## Enumeration Modes
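Review bot: The section heading below the metadata note appears as both `## Vulnerability Database` and `## Optional: WordPress Vulnerability Database API`, while the note directly above it links to `#vulnerability-database`. If the heading is renamed, that link and any other inbound link to the anchor should be updated in the same change. The free-plan wording also needs reconciling: one line says 25 requests per day "should be suitable to scan most WordPress websites at least once", while the bullets give an average of 22 installed plugins plus one request for the WordPress version and one per theme, and say the Free plan covers "around 50%" of sites. Where the text presents `--api-token` and the configuration file as alternatives, consider recommending the configuration file for routine use, since a token passed as a command-line argument ends up in shell history and process listings.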