=====Man File===== WPSCAN(1) User Commands WPSCAN(1) NAME wpscan - WordPress Security Scanner SYNOPSIS wpscan [options] DESCRIPTION WordPress Security Scanner by the WPScan Team Sponsored by Sucuri - https://sucuri.net @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_ OPTIONS --url URL The URL of the blog to scan Allowed Protocols: http, https Default Pro‐ tocol if none provided: http This option is mandatory unless update or help or hh or version is/are supplied -h, --help Display the simple help and exit --hh Display the full help and exit --version Display the version and exit -v, --verbose Verbose mode --[no-]banner Whether or not to display the banner Default: true -o, --output FILE Output to FILE -f, --format FORMAT Output results in the format supplied Available choices: cli-no-colour, cli-no-color, json, cli --detection-mode MODE Default: mixed Available choices: mixed, passive, aggressive --user-agent, --ua VALUE --random-user-agent, --rua Use a random user-agent for each scan --http-auth login:password -t, --max-threads VALUE The max threads to use Default: 5 --throttle MilliSeconds Milliseconds to wait before doing another web request. If used, the max threads will be set to 1. --request-timeout SECONDS The request timeout in seconds Default: 60 --connect-timeout SECONDS The connection timeout in seconds Default: 30 --disable-tls-checks Disables SSL/TLS certificate verification --proxy protocol://IP:port Supported protocols depend on the cURL installed --proxy-auth login:password --cookie-string COOKIE Cookie string to use in requests, format: cookie1=value1[; cookie2=value2] --cookie-jar FILE-PATH File to read and write cookies Default: /tmp/wpscan/cookie_jar.txt --force Do not check if the target is running WordPress --[no-]update Whether or not to update the Database --wp-content-dir DIR --wp-plugins-dir DIR -e, --enumerate [OPTS] Enumeration Process Available Choices: vp Vulnerable plugins ap All plugins p Plugins vt Vulnerable themes at All themes t Themes tt Timthumbs cb Config backups dbe Db exports u User IDs range. e.g: u1-5 Range separator to use: '-' Value if no ar‐ gument supplied: 1-10 m Media IDs range. e.g m1-15 Note: Permalink setting must be set to "Plain" for those to be detected Range separator to use: '-' Value if no argument supplied: 1-100 Separator to use between the values: ',' Default: All Plugins, Config Backups Value if no argument supplied: vp,vt,tt,cb,dbe,u,m Incompatible choices (only one of each group/s can be used): - vp, ap, p - vt, at, t --exclude-content-based REGEXP_OR_STRING Exclude all responses matching the Regexp (case insensitive) during parts of the enumeration. Both the headers and body are checked. Reg‐ exp delimiters are not required. --plugins-detection MODE Use the supplied mode to enumerate Plugins, instead of the global (--detection-mode) mode. Default: passive Available choices: mixed, passive, aggressive --plugins-version-detection MODE Use the supplied mode to check plugins versions instead of the --detec‐ tion-mode or --plugins-detection modes. Default: mixed Available choices: mixed, passive, aggressive -P, --passwords FILE-PATH List of passwords to use during the password attack. If no --user‐ name/s option supplied, user enumeration will be run. -U, --usernames LIST List of usernames to use during the password attack. Examples: 'a1', 'a1,a2,a3', '/tmp/a.txt' --multicall-max-passwords MAX_PWD Maximum number of passwords to send by request with XMLRPC multicall Default: 500 --password-attack ATTACK Force the supplied attack to be used rather than automatically deter‐ mining one. Available choices: wp-login, xmlrpc, xmlrpc-multicall --stealthy Alias for --random-user-agent --detection-mode passive --plugins-ver‐ sion-detection passive To see full list of options use --hh. wpscan March 2019 WPSCAN(1)