Closed phryneas closed 9 years ago
Are you running
ruby wpstools.rb --clvf /var/www/vhosts/known-vulnerable.site/httpdocs/
on the server WordPress is installed on? i.e. you've installed wpscan on that server and are running it on it, not running it over the Internet.
ruby wpstools.rb --cvru
Check all the vulnerabilities reference urls for 404
^ this is to check our vulnerability database reference URLs for 404's. This should only really be needed by devs.
There is documentation available on wpscan.org and in the README.md file:
-v, --verbose Verbose output
--check-vuln-ref-urls, --cvru Check all the vulnerabilities reference urls for 404
--check-local-vulnerable-files, --clvf LOCAL_DIRECTORY Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells
-s, --stats Show WpScan Database statistics.
--spellcheck, --sc Check all files for common spelling mistakes.
Also see wpstools.rb CLI output when run with no arguments.
$ ./wpstools.rb
_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team
                       Version 2.7
          Sponsored by Sucuri - https://sucuri.net
   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________
[ERROR] No option supplied
Usage: ./wpstools.rb [options]
-v, --verbose Verbose output
--check-vuln-ref-urls, --cvru Check all the vulnerabilities reference urls for 404
--check-local-vulnerable-files, --clvf LOCAL_DIRECTORY Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells
-s, --stats Show WpScan Database statistics.
--spellcheck, --sc Check all files for common spelling mistakes.
The files checked can be found here: https://wpvulndb.com/data/local_vulnerable_files.xml
Don't expect this scan (./wpstools --clvf) to find what is found with the usual scan, given that the local vulnerable db is no longer maintained.
@ethicalhack3r yup, running it from the server
@erwanlr Oh, so it is only scanning for a small subset?
Well, definitely wasn't expecting that - I would have expected a more thorough test, running it non-blackbox. Could this be added to the documentation? It seems quite counter-intuitive.
Seems I'm back to pyfiscan & freewvs for automated reports from server-side. But nonetheless, this is a great tool for a blackbox check, thank you for your work!
We could probably move --check-vuln-ref-urls to wpvulndb.
Deprecate --check-local-vulnerable-files.
Remove --spellcheck as it isn't greatly useful.
--stats are already on wpvulndb - https://wpvulndb.com/statistics
Then get rid of wpstools?
:+1: @ethicalhack3r
@erwanlr what you reckon? Remove wpstools?
Yea, remove it :)
Just for the record: I wrote a task on wpvulndb.com to check all references daily. Current problem: Packetstorm links are timing out :( The rest works as intended.
Hi, either I'm reading the documentation wrong or wpstools currently does nothing?
I'm running it like this:
Running wpscan on the same site from outside works fine:
Is there any undocumented step I'm missing? (And yes, I did the wpscan --update before running wpstools - maybe add that step to the readme?)
I tried running
ruby wpstools.rb --cvru
in case that does some internal database update, but that seems to fail half way through with a load of 404's.