README
wpscan readme
LICENSE

WPScan - WordPress Security Scanner
Copyright (C) 2011 Ryan Dewhurst AKA ethicalhack3r

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.

ryandewhurst at gmail

INSTALL

WPScan comes pre-installed on BackTrack5 R1 in the /pentest/web/wpscan directory.

WPScan has been tested on Ruby 1.8.7 and 1.9.3.

Installing on Backtrack5 Gnome/KDE 32bit:

    sudo apt-get install libcurl4-gnutls-dev
    sudo gem install --user-install mime-types typhoeus xml-simple

Installing on Debian/Ubuntu:

    sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby
    sudo gem install typhoeus xml-simple

Installing on other nix:

    sudo gem install typhoeus xml-simple

Installing on Windows: (not tested)

    gem install typhoeus ("Windows is not officially supported")
    gem install xml-simple

Installing on Mac OSX:

    sudo gem install typhoeus xml-simple

COMMANDS

EXAMPLES

-h for further help.

Examples:

Do 'non-intrusive' checks...

    ruby ./wpscan.rb --url www.example.com

Do wordlist password brute force on enumerated users using 50 threads...

    ruby ./wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50

Do wordlist password brute force on the 'admin' username only...

    ruby ./wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin

Generate a new 'most popular' plugin list, up to 150 pages...

    ruby ./wpscan.rb --generate_plugin_list 150

Enumerate installed plugins...

    ruby ./wpscan.rb --url www.example.com --enumerate p

See README for further information.

PROJECT HOME

http://code.google.com/p/wpscan/

SUBVERSION REPOSITORY

    svn checkout http://wpscan.googlecode.com/svn/trunk/ wpscan-read-only

ISSUES

http://code.google.com/p/wpscan/issues/list

SPONSOR

WPScan is sponsored by the RandomStorm Open Source Initiative. Visit RandomStorm at http://www.randomstorm.com
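The prerequisites from the INSTALL section, and the missing-wordlist error reported in the comments, can be checked before a scan is started. The Ruby script below is an added example, not part of WPScan: the names `preflight` and `gem_installed?` and the option keys are hypothetical, and it assumes a relative `--wordlist` path is looked up from the current directory.

```ruby
# Added example (not WPScan code): preflight check for the README's prerequisites.
require 'rubygems'

TESTED_RUBIES = ['1.8.7', '1.9.3']          # versions the README says were tested
REQUIRED_GEMS = ['typhoeus', 'xml-simple']  # gems the README installs everywhere

# Default probe: true if RubyGems can find an installed gem with this name.
def gem_installed?(name)
  Gem::Specification.find_by_name(name)
  true
rescue Gem::LoadError
  false
end

# Returns a list of human-readable problems; an empty list means ready to run.
# Option keys (hypothetical, injectable so the check can be exercised offline):
#   :ruby_version, :gem_probe (callable), :wordlist (path or nil), :cwd
def preflight(opts = {})
  version  = opts[:ruby_version] || RUBY_VERSION
  probe    = opts[:gem_probe]    || method(:gem_installed?)
  cwd      = opts[:cwd]          || Dir.pwd
  problems = []

  unless TESTED_RUBIES.include?(version)
    problems << "Ruby #{version} is not a tested version (#{TESTED_RUBIES.join(', ')})"
  end

  REQUIRED_GEMS.each do |name|
    problems << "missing gem '#{name}' (gem install #{name})" unless probe.call(name)
  end

  # Assumption: a bare wordlist name is resolved against the directory the
  # scan is started from, so the file must exist there or be given in full.
  if opts[:wordlist]
    path = File.expand_path(opts[:wordlist], cwd)
    problems << "wordlist not found: #{path}" unless File.file?(path)
  end
  problems
end

# Stand-alone use: ruby preflight.rb [wordlist]
if __FILE__ == $0
  issues = preflight(:wordlist => ARGV[0])
  puts(issues.empty? ? 'OK: prerequisites look satisfied' : issues)
end
```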
This appears to work for F15: 'sudo yum install rubygem-typhoeus rubygem-xml-simple'
windows?? How to install it on windows. I didn't get your windows installation procedure. Well, it worked nice on BT5
I have not tested on Windows. If you get it working, please post the instructions! :)
use ubuntu...
Ok well I am a little confused, installed BT5 etc but when I try to use this I get a "No such file or directory". I have to admit this is quite new to me but it is fascinating me lol.
A detailed and well-written HowTo is available on http://www.hackersgarage.com/wpscan-wordpress-security-scanner.html
I guess it's more of the backtrack that has me confused. I installed backtrack but I'm not sure where the directory is or should be?
It works on a mac with:
sudo gem install typhoeus
sudo gem install xml-simple
This thing is awesome
cd /pentest/web/wpscan/ on BT5 R1
I like it ,thanks
Thank you~
can't install sudo gem install typhoeus & sudo gem install xml-simple on Ubuntu 10.04.. error : "sudo: gem: command not found"
How to install on Windows (Verified on x64 and x86 Windows 7)
Step 1: Download and install the latest ruby (current direct link below): http://rubyforge.org/frs/download.php/75465/rubyinstaller-1.9.3-p0.exe
Step 2: Next download the Ruby Dev-Kit (current direct link below): https://github.com/downloads/oneclick/rubyinstaller/DevKit-tdm-32-4.5.2-20111229-1559-sfx.exe
Open the SFX EXE, when prompted to provide a directory path type in the following:
C:\Ruby193\Dev-Kit\
This will simply create a new folder in your ruby root directory. If you have 7zip you can simply create a new folder called Dev-Kit and extract the files manually into this folder.
Step 3: Next you must install the Dev-Kit, which is explained on the official website, but I will give you the steps here for the exact results that I’ve achieved.
- Open cmd (must run as administrator). - Type in the following commands:
cd C:\Ruby193\Dev-Kit ruby dk.rb init ruby dk.rb install
NOTE: It should output “[INFO] Installing 'C:/Ruby193/lib/ruby/site_ruby/devkit.rb'” after running install, which is normal and should be successful.
Step 4: Next we need to install a required gem for wpscan. Type the following in the command console:
gem install xml-simple
Step 5: Download the latest version of curl devel mingw32 (current direct link below): http://www.gknw.de/mirror/curl/win32/curl-7.23.1-devel-mingw32.zip
Step 6: Using 7zip (or whatever extraction tool you have) extract the zip file to the following location:
C:\Ruby193\lib\ruby\gems\1.9.1\gems\
In the end, you should have a new folder called curl-7.23.1-devel-mingw32.
Browse to C:\Ruby193\lib\ruby\gems\1.9.1\gems\curl-7.23.1-devel-mingw32\bin
Copy all of the files in this current folder over to C:\Ruby193\bin. If asked to over-write a file, just choose Yes (I've never had any issues).
Step 7: Now it's time to actually install typhoeus. So, with your command prompt still open, type in the following command:
gem install typhoeus -- --with-opt-include='C:\Ruby193\lib\ruby\gems\1.9.1\gems\curl-7.23.1-devel-mingw32\include' --with-opt-lib='C:\Ruby193\lib\ruby\gems\1.9.1\gems\curl-7.23.1-devel-mingw32\bin'
Step 8 (FINAL): Now just simply download the svn with any SVN client that you have, if you're unfamiliar with SVN I uploaded the 7zip of the whole package (http://www.mediafire.com/?40uvu42hp09wpo1), just simply unzip it to any location (preferably C:\Ruby193\ to remember its location).
Open up a command prompt, type in cd C:\Ruby193\wpscan1.1 (or whatever you named the folder).
Type in wpscan and presto! It all should work fine now.
Everything should install perfectly! The only issue I have come across is a couple errors that report "The system cannot find the path specified", but it's never screwed with the functionality of the program.
Good luck, hope this helps out fellow Windows users looking to take advantage of this awesome tool.
Ok so I finally got this working BUT I am unsure as to whether it's doing the password thing because I see this......
Bruteforcing johnjones with 1707657 passwods... ERROR: We sent a blank password. ERROR: We sent a blank password. ERROR: We sent a blank password. ERROR: We sent a blank password. ERROR: We sent a blank password.
I did not make a typo with the passwods thing that's how it looks to me lol. I got the usernames but like I say it's just the passwords but maybe I just have to wait?
Ok it seems I just have to be patient.
What am I doing wrong for Windows?
C:\Ruby193\Dev-Kit>ruby dk.rb init ruby dk.rb install
Configures an MSYS/MinGW based Development Kit (DevKit) for each of the Ruby installations on your Windows system. The DevKit enables you to build many of the available native RubyGems that don't yet have a binary gem.
Usage: ruby dk.rb COMMAND [options]
where COMMAND is one of:
and 'install' [options] are:
Hmm I'm getting closer lol.
C:\Ruby193\Dev-Kit>gem install xml-simple 'gem' is not recognized as an internal or external command, operable program or batch file.
Ok gems installed :D
cd C:\Ruby193\Dev-Kit and THEN ruby dk.rb init and THEN ruby dk.rb install
Sorry for the confusion. It formatted my text wrong and still won't break after each return... Even tried HTML.. No luck.
It's cool txt I got it all installed and working :)
hmm please help!!! i have problem, when i try to bruteforce username...
i used this syntax::
ruby ./wpscan.rb --url http://xxx.ac.id/ --wordlist darkc0de.lst --username ariof05
and result::
[ERROR] The file "darkc0de.lst" does not exist.
::::
what i can do for this problem???
i used BT 5 KDE...
www.gknw.de/mirror/curl/win32/curl-7.23.1-devel-mingw32.zip <--- the link couldnt load. Got any other link for dl?
please how to uninstall wpscan on mac ?