opktower.blogg.se

Docker kali linux

The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2019 WPScan Team. Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.

** replace u1-100 with a range of your choice.

WPScan can load all options (including the --url) from configuration files. The following locations are checked (order: first to last): If those files exist, options from the cli_options key will be loaded and overridden if found twice.

An API token can be obtained by registering an account on. Up to 75 API requests per day are given free of charge, which should be suitable to scan most WordPress websites at least once per day. When the daily 75 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data. Our WordPress scanner makes one API request for the WordPress version, one request per installed plugin and one request per installed theme. On average, a WordPress website has 22 installed plugins.


The DB is located at ~/.wpscan/db

Optional: WordPress Vulnerability Database API

The WPScan CLI tool uses the WordPress Vulnerability Database API to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the --api-token option, or via a configuration file, as discussed below.


docker run -it --rm wpscanteam/wpscan --url --enumerate u1-100

Usage

Full user documentation can be found here

wpscan --url blog.tld

This will scan the blog using default options with a good compromise between speed and accuracy. For example, the plugins will be checked passively but their version with a mixed detection mode (passively + aggressively). Potential config backup files will also be checked, along with other interesting findings.

If a more stealthy approach is required, then wpscan --stealthy --url blog.tld can be used. As a result, when using the --enumerate option, don't forget to set the --plugins-detection accordingly, as its default is 'passive'.

For more options, open a terminal and type wpscan --help (if you built wpscan from the source, you should type the command outside of the git repo).











