Updated WPScan User Documentation (markdown)
Ryan Dewhurst
@@ -113,6 +113,17 @@ If you do not supply an API token, WPScan will work as normal, with the exceptio
|
||||
|
||||
To bypass some simple WAFs you can try the `--random-user-agent` option.
|
||||
|
||||
## Docker Cheat Sheet
|
||||
|
||||
When using `--output` flag along with the WPScan Docker image, a bind mount must be used. Otherwise, the file is written inside the Docker container, which is then thrown away.
|
||||
|
||||
```
|
||||
mkdir ~/docker-bind
|
||||
docker run --rm --mount type=bind,source=$HOME/docker-bind,target=/output wpscanteam/wpscan:latest -o /output/wpscan-output.txt --url 'https://example.com'
|
||||
```
|
||||
|
||||
The `wpscan-output.txt` file now exists on the host machine at `~/docker-bind/wpscan-output.txt`.
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
If WPScan is not working as expected, you can use the `--proxy` option, and use a web proxy to inspect WPScan's HTTP requests, and the remote server's HTTP responses. This is useful when you do not know why you are getting false positives, or false negatives.
|
||||
|
||||
Reference in New Issue
Block a user