search

wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
https://wpscan.com/wordpress-cli-scanner
Other
8.51k stars 1.25k forks source link

Allow for simpler way to skip enumeration #1688

Open fitzg2 opened 2 years ago

fitzg2 commented 2 years ago

Is your feature request related to a problem? Please describe. Sometimes we have admin access to a certain amount of WP sites and want to skip enumeration in order to obtain faster results. Besides faster we also want more precise results. For example we have 12 and we get 6 with or without enumerating. Those other 6 could also be attack vectors. In our example WordFence gets ignored with or without enumeration.

Describe the solution you'd like Not sure. A plugin maybe that precisely lists all plugins and themes plus WP version? the information protected by IP whitelist. API access to WP? SSH access?

Describe alternatives you've considered None

Additional context None

erwanlr commented 2 years ago

It's quite unclear what you want here, you mention skipping the enumeration but still want to find more plugins. WPScan has a lot of options, the current default being set to provide the best trade between result and speed but you can change any of them to get more results and more accurate one, which will take more time though. wpscan --hh will list all available options

If you have admin access, then you could simply install our plugin - https://wordpress.org/plugins/wpscan/

vansh1 commented 2 years ago

can you tell how to skip enumerate I'm trying to bruteforce but its annoying everytime i have to do enumeration part ehich takes time

fitzg2 commented 2 years ago

@vansh1 your comment is even more unclear than mine. We have access to our sites as admin and want the scanner to login and get the plugins and themes instead of bruteforcing or scanning.

By the way we use a wp-scan wrapper called wp-watcher so idk who to talk to.

vansh1 commented 2 years ago

@fitzg2 sorry dude i came in between of your thread actually mine question is just as simple as i said i want to skip enumeration part while doing bruteforce, is it possible?

alexsanford commented 1 year ago

We have access to our sites as admin and want the scanner to login and get the plugins and themes instead of bruteforcing or scanning.

Flagging this as a feature request.

i want to skip enumeration part while doing bruteforce, is it possible?

Added a feature request here: https://github.com/wpscanteam/wpscan/issues/1802