Updated WPScan User Documentation (markdown)
Ryan Dewhurst
@@ -113,6 +113,17 @@ If you do not supply an API token, WPScan will work as normal, with the exceptio
|
|||||||
|
|
||||||
To bypass some simple WAFs you can try the `--random-user-agent` option.
|
To bypass some simple WAFs you can try the `--random-user-agent` option.
|
||||||
|
|
||||||
|
## Docker Cheat Sheet
|
||||||
|
|
||||||
|
When using `--output` flag along with the WPScan Docker image, a bind mount must be used. Otherwise, the file is written inside the Docker container, which is then thrown away.
|
||||||
|
|
||||||
|
```
|
||||||
|
mkdir ~/docker-bind
|
||||||
|
docker run --rm --mount type=bind,source=$HOME/docker-bind,target=/output wpscanteam/wpscan:latest -o /output/wpscan-output.txt --url 'https://example.com'
|
||||||
|
```
|
||||||
|
|
||||||
|
The `wpscan-output.txt` file now exists on the host machine at `~/docker-bind/wpscan-output.txt`.
|
||||||
|
|
||||||
## Troubleshooting
|
## Troubleshooting
|
||||||
|
|
||||||
If WPScan is not working as expected, you can use the `--proxy` option, and use a web proxy to inspect WPScan's HTTP requests, and the remote server's HTTP responses. This is useful when you do not know why you are getting false positives, or false negatives.
|
If WPScan is not working as expected, you can use the `--proxy` option, and use a web proxy to inspect WPScan's HTTP requests, and the remote server's HTTP responses. This is useful when you do not know why you are getting false positives, or false negatives.
|
||||||
|
|||||||
Reference in New Issue
Block a user