wpscan
WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.
Name:wpscan
Category:Scanners
Publisher:trickest-mhmdiaa
Created:2/5/2022
Container:
quay.io/trickest/wpscan:v3.8.24-patch-1Output Type:
License:Unknown
Source:View Source
Parameters
--urlThe URL of the blog to scan. Allowed Protocols: http, https. Default Protocol if none provided: http. This option is mandatory.--forceDo not check if the target is running WordPress or returns a 403--proxyFormat: protocol://IP:port--scope'Comma separated (sub-)domains to consider in scope. Wildcard(s) allowed in the trd of valid domains, e.g: *.target.tld. Separator to use between the values: ','--vhostThe virtual host (Host header) to use in requests--formatOutput results in the format supplied. Available choices: cli, json, cli-no-colour, cli-no-color--serverForce the supplied server module to be loaded. Available choices: apache, iis, nginx--headersAdditional headers to append in requests--verboseVerbose mode--stealthyAlias for --random-user-agent --detection-mode passive --plugins-version-detection passive--throttleMilliseconds to wait before doing another web request. If used, the max threads will be set to 1.--api-tokenThe WPScan API Token to display vulnerability data, available at https://wpscan.com/profile--cache-dirDefault: /tmp/wpscan/cache--enumerateEnumeration Process. Available Choices: vp (Vulnerable plugins), ap (All plugins), p (Popular plugins), vt (Vulnerable themes), at (All themes), t (Popular themes), tt (Timthumbs), cb (Config backups), dbe (Db exports), u (User IDs range. e.g: u1-5. Range separator to use: '-'. Value if no argument supplied: 1-10), m (Media IDs range. e.g m1-15. Note: Permalink setting must be set to 'Plain' for those to be detected. Range separator to use: '-'. Value if no argument supplied: 1-100). Separator to use between the values: ','. Default: All Plugins, Config Backups. Value if no argument supplied: vp,vt,tt,cb,dbe,u,m.--http-authFormat: login:password--login-uriThe URI of the login page if different from /wp-login.php--no-bannerDon't display the banner--no-updateDo not update the Database.--passwordsList of passwords to use during the password attack. If no --username/s option supplied, user enumeration will be run.--proxy-authFormat: login:password--user-agentUser agent--clear-cacheClear the cache before the scan--max-threadsThe max threads to use. Default: 5--cookie-stringCookie string to use in requests, format: cookie1=value1[; cookie2=value2--detection-modeDefault: mixed. Available choices: mixed, passive, aggressive--timthumbs-listList of timthumbs' location to use--usernamesList of usernames to use during the password attack.--wp-content-dirThe wp-content directory if custom or not detected, such as wp-content--wp-plugins-dirThe plugins directory if custom or not detected, such as wp-content/plugins--wp-version-allCheck all the version locations--db-exports-listList of DB exports' paths to use--password-attackForce the supplied attack to be used rather than automatically determining one. Multicall will only work against WP < 4.4. Available choices: wp-login, xmlrpc, xmlrpc-multicall--request-timeoutThe request timeout in seconds. Default: 60--users-detectionUse the supplied mode to enumerate Users, instead of the global (--detection-mode) mode. Available choices: mixed, passive, aggressive--users-listList of users to check during the users enumeration from the Login Error Messages--medias-detectionUse the supplied mode to enumerate Medias, instead of the global (--detection-mode) mode. Available choices: mixed, passive, aggressive--themes-detectionUse the supplied mode to enumerate Themes, instead of the global (--detection-mode) mode. Available choices: mixed, passive, aggressive--themes-listList of themes to enumerate.--themes-thresholdRaise an error when the number of detected themes via known locations reaches the threshold. Set to 0 to ignore the threshold. Default: 20--user-agents-listList of agents to use with --random-user-agent--usernamesList of usernames to use during the password attack. Examples: 'a1', 'a1,a2,a3'--exclude-usernamesExclude usernames matching the Regexp/string (case insensitive). Regexp delimiters are not required.--max-scan-durationAbort the scan if it exceeds the time provided in seconds--plugins-detectionUse the supplied mode to enumerate Plugins. Default: passive. Available choices: mixed, passive, aggressive--plugins-listList of plugins to enumerate.--plugins-thresholdRaise an error when the number of detected plugins via known locations reaches the threshold. Set to 0 to ignore the threshold. Default: 100--random-user-agentAdditional headers to append in requests. Separator to use between the headers: '; '. Examples: 'X-Forwarded-For: 127.0.0.1', 'X-Forwarded-For: 127.0.0.1; Another: aaa'--users-listList of users to check during the users enumeration from the Login Error Messages. Examples: 'a1', 'a1,a2,a3'--cache-ttlThe cache time to live in seconds. Default: 600--connect-timeoutThe connection timeout in seconds. Default: 30--disable-tls-checksDisables SSL/TLS certificate verification, and downgrade to TLS1.0+ (requires cURL 7.66 for the latter)--themes-listList of themes to enumerate. Examples: 'a1', 'a1,a2,a3'--themes-version-allCheck all the themes version locations according to the choosen mode (--detection-mode, --themes-detection and --themes-version-detection)--config-backups-listList of config backups' filenames to use'--plugins-listList of plugins to enumerate. Examples: 'a1', 'a1,a2,a3'--plugins-version-allCheck all the plugins version locations according to the choosen mode (--detection-mode, --plugins-detection and --plugins-version-detection)--timthumbs-detectionUse the supplied mode to enumerate Timthumbs, instead of the global (--detection-mode) mode. Available choices: mixed, passive, aggressive--db-exports-detectionUse the supplied mode to enumerate DB Exports, instead of the global (--detection-mode) mode. Available choices: mixed, passive, aggressive--ignore-main-redirectIgnore the main redirect (if any) and scan the target url--main-theme-detectionUse the supplied mode for the Main theme detection, instead of the global (--detection-mode) mode. Available choices: mixed, passive, aggressive--wp-version-detectionUse the supplied mode for the WordPress version detection, instead of the global (--detection-mode) mode. Available choices: mixed, passive, aggressive--exclude-content-basedExclude all responses matching the Regexp (case insensitive) during parts of the enumeration. Both the headers and body are checked. Regexp delimiters are not required.--multicall-max-passwordsMaximum number of passwords to send by request with XMLRPC multicall. Default: 500--config-backups-detectionUse the supplied mode to enumerate Config Backups, instead of the global (--detection-mode) mode. Available choices: mixed, passive, aggressive--themes-version-detectionUse the supplied mode to check themes versions instead of the --detection-mode or --themes-detection modes. Available choices: mixed, passive, aggressive--cookie-jarFile to read and write cookies--plugins-version-detectionUse the supplied mode to check plugins versions. Default: mixed. Available choices: mixed, passive, aggressive--interesting-findings-detectionUse the supplied mode for the interesting findings detection. Available choices: mixed, passive, aggressive