Details

Category: Scanners

Publisher: trickest-mhmdiaa

Created Date: 2/5/2022

Container: quay.io/trickest/wpscan:v3.8.24-patch-1

Source URL: https://github.com/wpscanteam/wpscan

Parameters

url
string
required
Command: --url - The URL of the blog to scan. Allowed Protocols: http, https. Default Protocol if none provided: http. This option is mandatory.
force
boolean
Command: --force - Do not check if the target is running WordPress or returns a 403
proxy
string
Command: --proxy - Format: protocol://IP:port
scope
string
Command: --scope - Comma separated (sub-)domains to consider in scope. Wildcard(s) allowed in the trd of valid domains, e.g: *.target.tld. Separator to use between the values: ','
vhost
string
Command: --vhost - The virtual host (Host header) to use in requests
format
string
Command: --format - Output results in the format supplied. Available choices: cli, json, cli-no-colour, cli-no-color
server
string
Command: --server - Force the supplied server module to be loaded. Available choices: apache, iis, nginx
headers
string
Command: --headers - Additional headers to append in requests
verbose
boolean
Command: --verbose - Verbose mode
stealthy
boolean
Command: --stealthy - Alias for --random-user-agent --detection-mode passive --plugins-version-detection passive
throttle
string
Command: --throttle - Milliseconds to wait before doing another web request. If used, the max threads will be set to 1.
api-token
string
Command: --api-token - The WPScan API Token to display vulnerability data, available at https://wpscan.com/profile
cache-dir
string
Command: --cache-dir - Default: /tmp/wpscan/cache
enumerate
string
Command: --enumerate - Enumeration Process. Available Choices: vp (Vulnerable plugins), ap (All plugins), p (Popular plugins), vt (Vulnerable themes), at (All themes), t (Popular themes), tt (Timthumbs), cb (Config backups), dbe (Db exports), u (User IDs range. e.g: u1-5. Range separator to use: '-'. Value if no argument supplied: 1-10), m (Media IDs range. e.g m1-15. Note: Permalink setting must be set to 'Plain' for those to be detected. Range separator to use: '-'. Value if no argument supplied: 1-100). Separator to use between the values: ','. Default: All Plugins, Config Backups. Value if no argument supplied: vp,vt,tt,cb,dbe,u,m.
http-auth
string
Command: --http-auth - Format: login:password
login-uri
string
Command: --login-uri - The URI of the login page if different from /wp-login.php
no-banner
boolean
Command: --no-banner - Don't display the banner
no-update
boolean
Command: --no-update - Do not update the Database.
passwords
file
Command: --passwords - List of passwords to use during the password attack. If no --username/s option supplied, user enumeration will be run.
proxy-auth
string
Command: --proxy-auth - Format: login:password
user-agent
string
Command: --user-agent - User agent
clear-cache
boolean
Command: --clear-cache - Clear the cache before the scan
max-threads
string
Command: --max-threads - The max threads to use. Default: 5
Command: --cookie-string - Cookie string to use in requests, format: cookie1=value1[; cookie2=value2]
detection-mode
string
Command: --detection-mode - Default: mixed. Available choices: mixed, passive, aggressive
timthumbs-list
file
Command: --timthumbs-list - List of timthumbs' location to use
usernames-file
file
Command: --usernames - List of usernames to use during the password attack.
wp-content-dir
string
Command: --wp-content-dir - The wp-content directory if custom or not detected, such as wp-content
wp-plugins-dir
string
Command: --wp-plugins-dir - The plugins directory if custom or not detected, such as wp-content/plugins
wp-version-all
boolean
Command: --wp-version-all - Check all the version locations
db-exports-list
file
Command: --db-exports-list - List of DB exports' paths to use
password-attack
string
Command: --password-attack - Force the supplied attack to be used rather than automatically determining one. Multicall will only work against WP < 4.4. Available choices: wp-login, xmlrpc, xmlrpc-multicall
request-timeout
string
Command: --request-timeout - The request timeout in seconds. Default: 60
users-detection
string
Command: --users-detection - Use the supplied mode to enumerate Users, instead of the global (--detection-mode) mode. Available choices: mixed, passive, aggressive
users-list-file
file
Command: --users-list - List of users to check during the users enumeration from the Login Error Messages
medias-detection
string
Command: --medias-detection - Use the supplied mode to enumerate Medias, instead of the global (--detection-mode) mode. Available choices: mixed, passive, aggressive
themes-detection
string
Command: --themes-detection - Use the supplied mode to enumerate Themes, instead of the global (--detection-mode) mode. Available choices: mixed, passive, aggressive
themes-list-file
file
Command: --themes-list - List of themes to enumerate.
themes-threshold
string
Command: --themes-threshold - Raise an error when the number of detected themes via known locations reaches the threshold. Set to 0 to ignore the threshold. Default: 20
user-agents-list
file
Command: --user-agents-list - List of agents to use with --random-user-agent
usernames-string
string
Command: --usernames - List of usernames to use during the password attack. Examples: 'a1', 'a1,a2,a3'
exclude-usernames
string
Command: --exclude-usernames - Exclude usernames matching the Regexp/string (case insensitive). Regexp delimiters are not required.
max-scan-duration
string
Command: --max-scan-duration - Abort the scan if it exceeds the time provided in seconds
plugins-detection
string
Command: --plugins-detection - Use the supplied mode to enumerate Plugins. Default: passive. Available choices: mixed, passive, aggressive
plugins-list-file
file
Command: --plugins-list - List of plugins to enumerate.
plugins-threshold
string
Command: --plugins-threshold - Raise an error when the number of detected plugins via known locations reaches the threshold. Set to 0 to ignore the threshold. Default: 100
random-user-agent
boolean
Command: --random-user-agent - Additional headers to append in requests. Separator to use between the headers: '; '. Examples: 'X-Forwarded-For: 127.0.0.1', 'X-Forwarded-For: 127.0.0.1; Another: aaa'
users-list-string
string
Command: --users-list - List of users to check during the users enumeration from the Login Error Messages. Examples: 'a1', 'a1,a2,a3'
cache-time-to-live
string
Command: --cache-ttl - The cache time to live in seconds. Default: 600
connection-timeout
string
Command: --connect-timeout - The connection timeout in seconds. Default: 30
disable-tls-checsk
boolean
Command: --disable-tls-checks - Disables SSL/TLS certificate verification, and downgrades to TLS1.0+ (requires cURL 7.66 for the latter)
themes-list-string
string
Command: --themes-list - List of themes to enumerate. Examples: 'a1', 'a1,a2,a3'
themes-version-all
boolean
Command: --themes-version-all - Check all the themes version locations according to the chosen mode (--detection-mode, --themes-detection and --themes-version-detection)
config-backups-list
file
Command: --config-backups-list - List of config backups' filenames to use
plugins-list-string
string
Command: --plugins-list - List of plugins to enumerate. Examples: 'a1', 'a1,a2,a3'
plugins-version-all
string
Command: --plugins-version-all - Check all the plugins version locations according to the chosen mode (--detection-mode, --plugins-detection and --plugins-version-detection)
timthumbs-detection
string
Command: --timthumbs-detection - Use the supplied mode to enumerate Timthumbs, instead of the global (--detection-mode) mode. Available choices: mixed, passive, aggressive
db-exports-detection
string
Command: --db-exports-detection - Use the supplied mode to enumerate DB Exports, instead of the global (--detection-mode) mode. Available choices: mixed, passive, aggressive
ignore-main-redirect
boolean
Command: --ignore-main-redirect - Ignore the main redirect (if any) and scan the target url
main-theme-detection
string
Command: --main-theme-detection - Use the supplied mode for the Main theme detection, instead of the global (--detection-mode) mode. Available choices: mixed, passive, aggressive
wp-version-detection
string
Command: --wp-version-detection - Use the supplied mode for the WordPress version detection, instead of the global (--detection-mode) mode. Available choices: mixed, passive, aggressive
exclude-content-based
string
Command: --exclude-content-based - Exclude all responses matching the Regexp (case insensitive) during parts of the enumeration. Both the headers and body are checked. Regexp delimiters are not required.
multicall-max-passwords
string
Command: --multicall-max-passwords - Maximum number of passwords to send by request with XMLRPC multicall. Default: 500
config-backups-detection
string
Command: --config-backups-detection - Use the supplied mode to enumerate Config Backups, instead of the global (--detection-mode) mode. Available choices: mixed, passive, aggressive
themes-version-detection
string
Command: --themes-version-detection - Use the supplied mode to check themes versions instead of the --detection-mode or --themes-detection modes. Available choices: mixed, passive, aggressive
file-to-read-write-cokies
file
Command: --cookie-jar - File to read and write cookies
plugins-version-detection
string
Command: --plugins-version-detection - Use the supplied mode to check plugins versions. Default: mixed. Available choices: mixed, passive, aggressive
interesting-findings-detection
string
Command: --interesting-findings-detection - Use the supplied mode for the interesting findings detection. Available choices: mixed, passive, aggressive