Updated WPScan User Documentation (markdown)
@@ -4,6 +4,26 @@
|
|||||||
|
|
||||||
WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites.
|
WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites.
|
||||||
|
|
||||||
|
WPScan is written in the Ruby programming language. The first version of WPScan was released on the [16th of June 2011](https://blog.dewhurstsecurity.com/2011/06/16/introducing-wpscan-wordpress-security-scanner.html).
|
||||||
|
|
||||||
|
## Installation
|
||||||
|
|
||||||
|
### Ruby Gem
|
||||||
|
|
||||||
|
WPScan is shipped as a Ruby gem, and can be installed with the following command:
|
||||||
|
|
||||||
|
`gem install wpscan`
|
||||||
|
|
||||||
|
### Docker
|
||||||
|
|
||||||
|
We also support Docker. Pull the repo with:
|
||||||
|
|
||||||
|
`docker pull wpscanteam/wpscan`
|
||||||
|
|
||||||
|
Example Docker command to enumerate usernames:
|
||||||
|
|
||||||
|
`docker run -it --rm wpscanteam/wpscan --url https://example.com/ --enumerate u`
|
||||||
|
|
||||||
## Enumeration Modes
|
## Enumeration Modes
|
||||||
|
|
||||||
When enumerating the WordPress version, installed plugins or installed themes, you can use three different "modes", which are:
|
When enumerating the WordPress version, installed plugins or installed themes, you can use three different "modes", which are:
|
||||||
|
|||||||
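Review bot: In the new Docker subsection, "Pull the repo with:" should read "Pull the image with:", because `docker pull wpscanteam/wpscan` fetches a container image, not a repository checkout. Both that command and the `docker run` example use the image name without a tag, so they resolve to `latest`. Consider naming a version tag in the documentation so installs are reproducible. The three commands are also written as inline code spans on their own lines. Fenced code blocks would be easier to copy and would match how command examples are usually rendered in markdown.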