search

wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
https://wpscan.com/wordpress-cli-scanner
Other
8.54k stars 1.26k forks source link

Using proxy to access target without internet #1834

Open melid404 opened 6 months ago

melid404 commented 6 months ago

Hello,

I have a web site to scan which is accessible only using a local proxy. I would like to scan all plugins on that web site, so I need to use the api-token I already have.

If I use the following command, it's doing a basic scan: wpscan --url http://target.local --proxy socks5://127.0.0.1:1080

However, I don't have internet access when using the proxy, so if I want to use -api-token parameter, wpscan fails to connect to wpscan.com.

Is there any way to get wpscan to use the proxy only for accessing the target but not api-token validation?

rascapac commented 2 months ago

Same problem here. Can we have an option to either use an offline database downloaded with the API key, or only send the scan to the proxy but leave the vulnerabilites checking outside the proxy.