Use API Token only on site that have outdated WordPress version or plugin

tristanlatr / WPWatcher

Wordpress Watcher is a wrapper for WPScan that manages scans on multiple sites and reports by email and/or syslog. Schedule scans and get notified when vulnerabilities, outdated plugins and other risks are found.

https://wpwatcher.readthedocs.io

Apache License 2.0

47 stars 18 forks source link

Use API Token only on site that have outdated WordPress version or plugin #8

Closed tristanlatr closed 4 years ago

tristanlatr commented 4 years ago

WPWatcher should be able to run scans without API token first and then use token on site that have outdated WordPress version or plugin only to save API calls .

Would need to do some research to see if that's a safe way to scan sites anyway.

Would not work if API Token is written to wpscan config file or environnement variable

tristanlatr commented 4 years ago

Question asked : https://github.com/wpscanteam/wpscan/issues/1482

tristanlatr commented 4 years ago

Introducing prescan_without_api_token option in version 2.0.4