Script Wp-Scan

Posted by


 
WP Scan

####INSTALL  

WPScan comes pre-installed on the following Linux distributions:

- [BackBox Linux](http://www.backbox.org/)
- [BackTrack Linux](http://www.backtrack-linux.org/) (outdated WPScan installed, update needed)
- [Pentoo](http://www.pentoo.ch/)
- [SamuraiWTF](http://samurai.inguardians.com/)

Prerequisites:

- Windows not supported
- Ruby => 1.9
- RubyGems
- Git

*Installing on Debian/Ubuntu:*

```sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev```

```git clone https://github.com/wpscanteam/wpscan.git%60%60%60

```cd wpscan```

```sudo gem install bundler && bundle install --without test development```

*Installing on Fedora:*

```sudo yum install libcurl-devel```

```git clone https://github.com/wpscanteam/wpscan.git%60%60%60

```cd wpscan```

```sudo gem install bundler && bundle install --without test development```

*Installing on Archlinux:*

```pacman -Sy ruby```

```pacman -Sy libyaml```

```git clone https://github.com/wpscanteam/wpscan.git%60%60%60

```cd wpscan```

```sudo gem install bundler && bundle install --without test development```

```gem install typhoeus```

```gem install nokogiri```

*Installing on Mac OSX:*

```git clone https://github.com/wpscanteam/wpscan.git%60%60%60

```cd wpscan```

```sudo gem install bundler && bundle install --without test development```

#### KNOWN ISSUES

- Typhoeus segmentation fault

Update cURL to version => 7.21 (may have to install from source)
See http://code.google.com/p/wpscan/issues/detail?id=81

- Proxy not working

Update cURL to version => 7.21.7 (may have to install from source).

Installation from sources :
```
Grab the sources from http://curl.haxx.se/download.html
Decompress the archive
Open the folder with the extracted files
Run ./configure
Run make
Run sudo make install
Run sudo ldconfig
```

- cannot load such file -- readline:

```sudo aptitude install libreadline5-dev libncurses5-dev```

Then, open the directory of the readline gem (you have to locate it)
```
cd ~/.rvm/src/ruby-1.9.2-p180/ext/readline
ruby extconf.rb
make
make install
```

See http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/ for more details

- no such file to load -- rubygems

```update-alternatives --config ruby```

And select your ruby version

See https://github.com/wpscanteam/wpscan/issues/148

#### WPSCAN ARGUMENTS

--update Update to the latest revision

--url | -u <target url> The WordPress URL/domain to scan.

--force | -f Forces WPScan to not check if the remote site is running WordPress.

--enumerate | -e [option(s)] Enumeration.
option :
u usernames from id 1 to 10
u[10-20] usernames from id 10 to 20 (you must write [] chars)
p plugins
vp only vulnerable plugins
ap all plugins (can take a long time)
tt timthumbs
t themes
vt only vulnerable themes
at all themes (can take a long time)
Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
If no option is supplied, the default is 'vt,tt,u,vp'

--exclude-content-based '<regexp or string>' Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied
You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)

--config-file | -c <config file> Use the specified config file

--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not

--wp-content-dir <wp content dir> WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed

--wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed

--proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json).
HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used

--proxy-auth <username:password> Supply the proxy login credentials (will override the one from conf/browser.conf.json).

--basic-auth <username:password> Set the HTTP Basic authentication

--wordlist | -w <wordlist> Supply a wordlist for the password bruter and do the brute.

--threads | -t <number of threads> The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)

--username | -U <username> Only brute force the supplied username.

--help | -h This help screen.

--verbose | -v Verbose output.

#### WPSCAN EXAMPLES

Do 'non-intrusive' checks...

```ruby wpscan.rb --url www.example.com```

Do wordlist password brute force on enumerated users using 50 threads...

```ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50```

Do wordlist password brute force on the 'admin' username only...

```ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin```

Enumerate installed plugins...

```ruby wpscan.rb --url www.example.com --enumerate p```

Run all enumeration tools...

```ruby wpscan.rb --url www.example.com --enumerate```

Use custom content directory...

```ruby wpscan.rb -u www.example.com --wp-content-dir custom-content```

Update WPScan...

```ruby wpscan.rb --update```

#### WPSTOOLS ARGUMENTS

--help | -h This help screen.
--Verbose | -v Verbose output.
--update | -u Update to the latest revision.
--generate_plugin_list [number of pages] Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
--gpl Alias for --generate_plugin_list
--check-local-vulnerable-files | --clvf <local directory> Perform a recursive scan in the <local directory> to find vulnerable files or shells

#### WPSTOOLS EXAMPLES

Generate a new 'most popular' plugin list, up to 150 pages...

```ruby wpstools.rb --generate_plugin_list 150```

Locally scan a wordpress installation for vulnerable files or shells :
```ruby wpstools.rb --check-local-vulnerable-files /var/www/wordpress/```


Blog, Updated at: 5/03/2013 06:18:00 PM

12 komentar:

  1. Hello! Τhis pοst cοuld not be wrіtten any better!
    Rеading thіs poѕt reminds me of my
    gоod old room mate! He always kept chatting about thiѕ.
    I wіll forward this article to him. Pretty sure he will hаve a good rеad.
    Thanks for ѕharing!

    Mу ωeb blog ... http://www.bundespressecamp.de/

    BalasHapus
  2. Wow, awesome blog layout! How long have you been
    blogging for? you made blogging look easy.
    The overall look of your web site is fantastic, as well as
    the content!

    Here is my blog http://www.pickup-Artist.com/how-To-pick-up-women/

    BalasHapus
  3. When I originally commented I clicked the "Notify me when new comments are added" checkbox and now each time a comment is added I get three emails with the
    same comment. Is there any way you can remove me from that service?

    Thank you!

    Feel free to surf to my web site - products

    BalasHapus
  4. I visited several web sites but the audio feature for audio songs
    existing at this web site is genuinely superb.

    Also visit my page: Comweb.upc.edu

    BalasHapus
  5. Hi there mates, its great article regarding tutoringand entirely defined, keep it up all the time.



    Here is my weblog :: here

    BalasHapus
  6. I've been exploring for a bit for any high-quality articles or blog posts on this sort of space . Exploring in Yahoo I finally stumbled upon this site. Reading this info So i'm
    satisfied to convey that I have a very just right uncanny feeling I came upon just what I needed.
    I most undoubtedly will make sure to don?t fail to remember this site and give it a look regularly.


    my site ... finding love again

    BalasHapus
  7. I don't know whether it's just me or if everyone else encountering problems with your website.

    It seems like some of the text within your posts are
    running off the screen. Can somebody else please comment and let me know if this is happening to them as well?

    This might be a issue with my browser because I've had this happen before. Appreciate it

    Also visit my page: More Helpful Hints

    BalasHapus
  8. Vreau să spun că sunt unul dintre femelele cele mai fermecătoare din întreaga lume .
    Dacă se poate descoperi ei "pete dulce " , atunci
    va fi , un pas mai aproape de a oferi omare " O " ! Nu-i rău
    pentru ceva ce nu a mai fost conștienți
    de înainte .

    My webpage http://u.skem9.co.uk/1hG.bmp (atrasdotrioeletrico.blogspot.fr)

    BalasHapus
  9. You can test the integration of this plugin in a few
    ways as well as directly from within the editor. This operates at a pixel resolution of 2592x1944 pixels.
    These things are a nice added bonus to consider while
    you’re having fun playing these free Android games.


    Visit my web blog Jurassic Park Builder Hack

    BalasHapus
  10. Often we hear experts in the media that report a certain stock is gonna soar and now is the time to get.
    An HVAC repair business is most often started with
    a technician who has learned the trade through previous employment.
    The business degree raises one's social standing: in short, it opens to suit your needs doors that
    would have otherwise remained closed to you.

    Look at my weblog; http://www.gizmodoctors.com

    BalasHapus
  11. I like the valuable information you provide in your articles.
    I will bookmark your weblog and check again here frequently.
    I'm quite sure I will learn a lot of new stuff right here!
    Best of luck for the next!

    My blog - mc 5 hack (aimhcks.com)

    BalasHapus

Sebagai Pengunjung yang baik berikanlah komentar anda untuk membantu meningkatkan trafic blog ini.Terima Kasih :)