Updated WPScan User Documentation (markdown)
Ryan Dewhurst
@@ -99,21 +99,7 @@ _NOTE: Get your API token from [wpvulndb.com](https://wpvulndb.com/) if you also
|
|||||||
|
|
||||||
`wpscan --url example.com -e u --passwords /path/to/password_file.txt`
|
`wpscan --url example.com -e u --passwords /path/to/password_file.txt`
|
||||||
|
|
||||||
## Vulnerability Database
|
### Docker Cheat Sheet
|
||||||
|
|
||||||
WPScan uses the [WordPress Vulnerability Database](https://wpvulndb.com/api) API in real time to retrieve known vulnerabilities that affect WordPress core, plugins and themes.
|
|
||||||
|
|
||||||
For the vulnerability information to be shown within WPScan you will need to supply an API token with the `--api-token YOUR_TOKEN` option. Alternatively, you can supply the API token from a WPScan configuration file.
|
|
||||||
|
|
||||||
A free API token is available, as well as paid plans, depending on your usage needs.
|
|
||||||
|
|
||||||
If you do not supply an API token, WPScan will work as normal, with the exception that when a WordPress version, plugin or theme is detected, the associated known vulnerabilities will not be displayed.
|
|
||||||
|
|
||||||
## Bypassing Simple WAFs
|
|
||||||
|
|
||||||
To bypass some simple WAFs you can try the `--random-user-agent` option.
|
|
||||||
|
|
||||||
## Docker Cheat Sheet
|
|
||||||
|
|
||||||
- Pull the Docker repository
|
- Pull the Docker repository
|
||||||
|
|
||||||
@@ -132,6 +118,20 @@ docker run --rm --mount type=bind,source=$HOME/docker-bind,target=/output wpscan
|
|||||||
|
|
||||||
The `wpscan-output.txt` file now exists on the host machine at `~/docker-bind/wpscan-output.txt`.
|
The `wpscan-output.txt` file now exists on the host machine at `~/docker-bind/wpscan-output.txt`.
|
||||||
|
|
||||||
|
## Vulnerability Database
|
||||||
|
|
||||||
|
WPScan uses the [WordPress Vulnerability Database](https://wpvulndb.com/api) API in real time to retrieve known vulnerabilities that affect WordPress core, plugins and themes.
|
||||||
|
|
||||||
|
For the vulnerability information to be shown within WPScan you will need to supply an API token with the `--api-token YOUR_TOKEN` option. Alternatively, you can supply the API token from a WPScan configuration file.
|
||||||
|
|
||||||
|
A free API token is available, as well as paid plans, depending on your usage needs.
|
||||||
|
|
||||||
|
If you do not supply an API token, WPScan will work as normal, with the exception that when a WordPress version, plugin or theme is detected, the associated known vulnerabilities will not be displayed.
|
||||||
|
|
||||||
|
## Bypassing Simple WAFs
|
||||||
|
|
||||||
|
To bypass some simple WAFs you can try the `--random-user-agent` option.
|
||||||
|
|
||||||
## Troubleshooting
|
## Troubleshooting
|
||||||
|
|
||||||
If WPScan is not working as expected, you can use the `--proxy` option, and use a web proxy to inspect WPScan's HTTP requests, and the remote server's HTTP responses. This is useful when you do not know why you are getting false positives, or false negatives.
|
If WPScan is not working as expected, you can use the `--proxy` option, and use a web proxy to inspect WPScan's HTTP requests, and the remote server's HTTP responses. This is useful when you do not know why you are getting false positives, or false negatives.
|
||||||
|
|||||||
Reference in New Issue
Block a user