wpscan使用方法

http://vipscu.blog.163.com/blog/static/18180837220122139348819/

WPScan 基本功能：

1. Wordpress 版本检测和主题检测
2. Wordpress 插件安全检测
3. 密码的暴力破解
4. 可以指定代理

　　

　　源码获取地址： http://code.google.com/p/wpscan/source/checkout

　　

　　常用命令：

--url

The WordPress URL/domain to scan.

--enumerate

Enumeration.

u

users

v

version

p

plugins

t

timthumb

--wordlist

Supply a wordlist for the password bruter and do the brute.

--threads

The number of threads to use when multi-threading requests.

--username

Only brute force the supplied username.

--generate_plugin_list

Generate a new data/plugins.txt file. (supply number of pages to parse)

-h	This help screen.

-v	Verbose output.

　　

　　实例：

ruby ./wpscan.rb --url www.example.com

Do wordlist password brute force on enumerated users using 50 threads...
ruby ./wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50

Do wordlist password brute force on the 'admin' username only...
ruby ./wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin

Generate a new 'most popular' plugin list, up to 150 pages...
ruby ./wpscan.rb --generate_plugin_list 150

Enumerate instaled plugins...
ruby ./wpscan.rb --url www.example.com --enumerate p

root@bt:/pentest/web/wpscan# ruby wpscan.rb -h

____________________________________________________
 __          _______   _____                  
 \ \        / /  __ \ / ____|                 
  \ \  /\  / /| |__) | (___   ___  __ _ _ __  
   \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
    \  /\  /  | |     ____) | (__| (_| | | | |
     \/  \/   |_|    |_____/ \___|\__,_|_| |_| v1.1

  WordPress Security Scanner by ethicalhack3r.co.uk
 Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________




Help:

--url                           The WordPress URL/domain to scan.
--enumerate                     Enumeration.
u                               users
v                               version
p                               plugins
t                               timthumb
--wordlist                      Supply a wordlist for the password bruter and do the brute.
--threads                       The number of threads to use when multi-threading requests.
--username                      Only brute force the supplied username.
--generate_plugin_list          Generate a new data/plugins.txt file. (supply number of *pages* to parse)
--force                         Forces WPScan to not check if the remote site is running WordPress.
-h                              This help screen.
-v                              Verbose output.

http://wpscan.org/

https://github.com/wpscanteam/wpscan