wpscan-loop
WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.
Details
Category: Scanners
Publisher: trickest-mhmdiaa
Created Date: 7/24/2023
Container: quay.io/trickest/wpscan-loop:v3.8.24-patch-4
Source URL: https://github.com/wpscanteam/wpscan
Parameters
urls
file
requiredCommand:
- The URLs of the blogs to scan. Allowed Protocols: http, https. Default Protocol if none provided: http. This option is mandatory.force
boolean
Command:
--force
- Do not check if the target is running WordPress or returns a 403proxy
string
Command:
--proxy
- Format: protocol://IP:portscope
string
Command:
--scope
- 'Comma separated (sub-)domains to consider in scope. Wildcard(s) allowed in the trd of valid domains, e.g: *.target.tld. Separator to use between the values: ','vhost
string
Command:
--vhost
- The virtual host (Host header) to use in requestsformat
string
Command:
--format
- Output results in the format supplied. Available choices: cli, json, cli-no-colour, cli-no-colorserver
string
Command:
--server
- Force the supplied server module to be loaded. Available choices: apache, iis, nginxheaders
string
Command:
--headers
- Additional headers to append in requestsverbose
boolean
Command:
--verbose
- Verbose modestealthy
boolean
Command:
--stealthy
- Alias for --random-user-agent --detection-mode passive --plugins-version-detection passivethrottle
string
Command:
--throttle
- Milliseconds to wait before doing another web request. If used, the max threads will be set to 1.api-token
string
Command:
--api-token
- The WPScan API Token to display vulnerability data, available at https://wpscan.com/profilecache-dir
string
Command:
--cache-dir
- Default: /tmp/wpscan/cacheenumerate
string
Command:
--enumerate
- Enumeration Process. Available Choices: vp (Vulnerable plugins), ap (All plugins), p (Popular plugins), vt (Vulnerable themes), at (All themes), t (Popular themes), tt (Timthumbs), cb (Config backups), dbe (Db exports), u (User IDs range. e.g: u1-5. Range separator to use: '-'. Value if no argument supplied: 1-10), m (Media IDs range. e.g m1-15. Note: Permalink setting must be set to 'Plain' for those to be detected. Range separator to use: '-'. Value if no argument supplied: 1-100). Separator to use between the values: ','. Default: All Plugins, Config Backups. Value if no argument supplied: vp,vt,tt,cb,dbe,u,m.http-auth
string
Command:
--http-auth
- Format: login:passwordlogin-uri
string
Command:
--login-uri
- The URI of the login page if different from /wp-login.phpno-banner
boolean
Command:
--no-banner
- Don't display the bannerno-update
boolean
Command:
--no-update
- Do not update the Database.passwords
file
Command:
--passwords
- List of passwords to use during the password attack. If no --username/s option supplied, user enumeration will be run.proxy-auth
string
Command:
--proxy-auth
- Format: login:passworduser-agent
string
Command:
--user-agent
- User agentclear-cache
boolean
Command:
--clear-cache
- Clear the cache before the scanheader-file
file
Command:
--header-file
- Additional headers to append in requests (one per line)max-threads
string
Command:
--max-threads
- The max threads to use. Default: 5cookie-string
string
Command:
--cookie-string
- Cookie string to use in requests, format: cookie1=value1[; cookie2=value2detection-mode
string
Command:
--detection-mode
- Default: mixed. Available choices: mixed, passive, aggressivetimthumbs-list
file
Command:
--timthumbs-list
- List of timthumbs' location to useusernames-file
file
Command:
--usernames
- List of usernames to use during the password attack.wp-content-dir
string
Command:
--wp-content-dir
- The wp-content directory if custom or not detected, such as wp-contentwp-plugins-dir
string
Command:
--wp-plugins-dir
- The plugins directory if custom or not detected, such as wp-content/pluginswp-version-all
boolean
Command:
--wp-version-all
- Check all the version locationsdb-exports-list
file
Command:
--db-exports-list
- List of DB exports' paths to usepassword-attack
string
Command:
--password-attack
- Force the supplied attack to be used rather than automatically determining one. Multicall will only work against WP < 4.4. Available choices: wp-login, xmlrpc, xmlrpc-multicallrequest-timeout
string
Command:
--request-timeout
- The request timeout in seconds. Default: 60users-detection
string
Command:
--users-detection
- Use the supplied mode to enumerate Users, instead of the global (--detection-mode) mode. Available choices: mixed, passive, aggressiveusers-list-file
file
Command:
--users-list
- List of users to check during the users enumeration from the Login Error Messagesmedias-detection
string
Command:
--medias-detection
- Use the supplied mode to enumerate Medias, instead of the global (--detection-mode) mode. Available choices: mixed, passive, aggressivethemes-detection
string
Command:
--themes-detection
- Use the supplied mode to enumerate Themes, instead of the global (--detection-mode) mode. Available choices: mixed, passive, aggressivethemes-list-file
file
Command:
--themes-list
- List of themes to enumerate.themes-threshold
string
Command:
--themes-threshold
- Raise an error when the number of detected themes via known locations reaches the threshold. Set to 0 to ignore the threshold. Default: 20user-agents-list
file
Command:
--user-agents-list
- List of agents to use with --random-user-agentusernames-string
string
Command:
--usernames
- List of usernames to use during the password attack. Examples: 'a1', 'a1,a2,a3'exclude-usernames
string
Command:
--exclude-usernames
- Exclude usernames matching the Regexp/string (case insensitive). Regexp delimiters are not required.max-scan-duration
string
Command:
--max-scan-duration
- Abort the scan if it exceeds the time provided in secondsplugins-detection
string
Command:
--plugins-detection
- Use the supplied mode to enumerate Plugins. Default: passive. Available choices: mixed, passive, aggressiveplugins-list-file
file
Command:
--plugins-list
- List of plugins to enumerate.plugins-threshold
string
Command:
--plugins-threshold
- Raise an error when the number of detected plugins via known locations reaches the threshold. Set to 0 to ignore the threshold. Default: 100random-user-agent
boolean
Command:
--random-user-agent
- Additional headers to append in requests. Separator to use between the headers: '; '. Examples: 'X-Forwarded-For: 127.0.0.1', 'X-Forwarded-For: 127.0.0.1; Another: aaa'users-list-string
string
Command:
--users-list
- List of users to check during the users enumeration from the Login Error Messages. Examples: 'a1', 'a1,a2,a3'cache-time-to-live
string
Command:
--cache-ttl
- The cache time to live in seconds. Default: 600connection-timeout
string
Command:
--connect-timeout
- The connection timeout in seconds. Default: 30disable-tls-checsk
boolean
Command:
--disable-tls-checks
- Disables SSL/TLS certificate verification, and downgrade to TLS1.0+ (requires cURL 7.66 for the latter)themes-list-string
string
Command:
--themes-list
- List of themes to enumerate. Examples: 'a1', 'a1,a2,a3'themes-version-all
boolean
Command:
--themes-version-all
- Check all the themes version locations according to the choosen mode (--detection-mode, --themes-detection and --themes-version-detection)config-backups-list
file
Command:
--config-backups-list
- List of config backups' filenames to use'plugins-list-string
string
Command:
--plugins-list
- List of plugins to enumerate. Examples: 'a1', 'a1,a2,a3'plugins-version-all
string
Command:
--plugins-version-all
- Check all the plugins version locations according to the choosen mode (--detection-mode, --plugins-detection and --plugins-version-detection)timthumbs-detection
string
Command:
--timthumbs-detection
- Use the supplied mode to enumerate Timthumbs, instead of the global (--detection-mode) mode. Available choices: mixed, passive, aggressivedb-exports-detection
string
Command:
--db-exports-detection
- Use the supplied mode to enumerate DB Exports, instead of the global (--detection-mode) mode. Available choices: mixed, passive, aggressiveignore-main-redirect
boolean
Command:
--ignore-main-redirect
- Ignore the main redirect (if any) and scan the target urlmain-theme-detection
string
Command:
--main-theme-detection
- Use the supplied mode for the Main theme detection, instead of the global (--detection-mode) mode. Available choices: mixed, passive, aggressivewp-version-detection
string
Command:
--wp-version-detection
- Use the supplied mode for the WordPress version detection, instead of the global (--detection-mode) mode. Available choices: mixed, passive, aggressiveexclude-content-based
string
Command:
--exclude-content-based
- Exclude all responses matching the Regexp (case insensitive) during parts of the enumeration. Both the headers and body are checked. Regexp delimiters are not required.multicall-max-passwords
string
Command:
--multicall-max-passwords
- Maximum number of passwords to send by request with XMLRPC multicall. Default: 500config-backups-detection
string
Command:
--config-backups-detection
- Use the supplied mode to enumerate Config Backups, instead of the global (--detection-mode) mode. Available choices: mixed, passive, aggressivethemes-version-detection
string
Command:
--themes-version-detection
- Use the supplied mode to check themes versions instead of the --detection-mode or --themes-detection modes. Available choices: mixed, passive, aggressivefile-to-read-write-cokies
file
Command:
--cookie-jar
- File to read and write cookiesplugins-version-detection
string
Command:
--plugins-version-detection
- Use the supplied mode to check plugins versions. Default: mixed. Available choices: mixed, passive, aggressiveinteresting-findings-detection
string
Command:
--interesting-findings-detection
- Use the supplied mode for the interesting findings detection. Available choices: mixed, passive, aggressive