wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
https://wpscan.com/wordpress-cli-scanner

Scan Aborted: The number of plugins detected reached the threshold of 100 which might indicate False Positive. It would be recommended to use the --exclude-content-based option to ignore the bad responses. #1862

Open SandiyosDev opened 2 months ago

SandiyosDev commented 2 months ago

Scan aborted due to forced threshold set for plugin detections

WPScan: 3.8.27 (Docker) (Latest)

        docker run -it --rm wpscanteam/wpscan --url (redacted) -e vp --plugins-detection 'aggressive' --api-token (redacted) --exclude-content-based 'not found' --wp-plugins-dir 'app/plugins'

Steps to reproduce

I'd exclude my site URL here, but we do indeed have over 100 plugins installed; lots of them are Slider Revolution AddOns that are required to be installed as dedicated plugins.

Expected behavior

What's expected is to have the ability to manually override this default behavior.

Actual behavior

During the scan, I encountered the error message: "Scan Aborted: The number of plugins detected reached the threshold of 100 which might indicate False Positive. It would be recommended to use the --exclude-content-based option to ignore the bad responses."

What have you already tried

There's no relevant documentation to override this behavior.

uqahump3 commented 1 month ago

`wpscan --hh` has more options. What you are looking for appears to be:

        --plugins-threshold THRESHOLD             Raise an error when the number of detected plugins via known locations reaches the threshold. Set to 0 to ignore the threshold.
                                                  Default: 100