http://vipscu.blog.163.com/blog/static/18180837220122139348819/
WPScan 基本功能:
- Wordpress 版本检测和主题检测
- Wordpress 插件安全检测
- 密码的暴力破解
- 可以指定代理
--url The WordPress URL/domain to scan.
--enumerate Enumeration.
u users
v version
p plugins
t timthumb
--wordlist Supply a wordlist for the password bruter and do the brute.
--threads The number of threads to use when multi-threading requests.
--username Only brute force the supplied username.
--generate_plugin_list Generate a new data/plugins.txt file. (supply number of pages to parse)
-h This help screen.
-v Verbose output.
ruby ./wpscan.rb --url www.example.com
Do wordlist password brute force on enumerated users using 50 threads...
ruby ./wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
Do wordlist password brute force on the 'admin' username only...
ruby ./wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
Generate a new 'most popular' plugin list, up to 150 pages...
ruby ./wpscan.rb --generate_plugin_list 150
Enumerate instaled plugins...
ruby ./wpscan.rb --url www.example.com --enumerate p
root@bt:/pentest/web/wpscan# ruby wpscan.rb -h
____________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_| v1.1
WordPress Security Scanner by ethicalhack3r.co.uk
Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________
Help:
--url The WordPress URL/domain to scan.
--enumerate Enumeration.
u users
v version
p plugins
t timthumb
--wordlist Supply a wordlist for the password bruter and do the brute.
--threads The number of threads to use when multi-threading requests.
--username Only brute force the supplied username.
--generate_plugin_list Generate a new data/plugins.txt file. (supply number of *pages* to parse)
--force Forces WPScan to not check if the remote site is running WordPress.
-h This help screen.
-v Verbose output.
https://github.com/wpscanteam/wpscan