{
	"id": "28c18c2f-dc55-4b17-9c35-49b3d17dcc1e",
	"created_at": "2026-04-06T00:17:25.098857Z",
	"updated_at": "2026-04-10T03:21:52.318452Z",
	"deleted_at": null,
	"sha1_hash": "708185e9230b2b1a42fc61cc41c36f73e7fc1dec",
	"title": "GitHub - wpscanteam/wpscan: WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 133252,
	"plain_text": "GitHub - wpscanteam/wpscan: WPScan WordPress security\r\nscanner. Written for security professionals and blog maintainers to\r\ntest the security of their WordPress websites. Contact us via\r\ncontact@wpscan.com\r\nBy erwanlr\r\nArchived: 2026-04-05 16:36:04 UTC\r\nWPScan\r\n ddoocckkeerr ppuullllss 2.4M\r\nBuild failing\r\n \r\nINSTALL\r\nPrerequisites\r\n(Optional but highly recommended: RVM)\r\nRuby \u003e= 3.0 - Recommended: latest\r\nCurl \u003e= 7.72 - Recommended: latest\r\nThe 7.29 has a segfault\r\nThe \u003c 7.72 could result in Stream error in the HTTP/2 framing layer in some cases\r\nRubyGems - Recommended: latest\r\nNokogiri might require packages to be installed via your package manager depending on your OS, see\r\nhttps://nokogiri.org/tutorials/installing_nokogiri.html\r\nIn a Pentesting distribution\r\nhttps://github.com/wpscanteam/wpscan\r\nPage 1 of 6\n\nWhen using a pentesting distribution (such as Kali Linux), it is recommended to install/update wpscan via the\r\npackage manager if available.\r\nIn macOSX via Homebrew\r\nbrew install wpscanteam/tap/wpscan\r\nFrom RubyGems\r\nOn MacOSX, if a Gem::FilePermissionError is raised due to the Apple's System Integrity Protection (SIP),\r\neither install RVM and install wpscan again, or run sudo gem install -n /usr/local/bin wpscan (see #1286)\r\nUpdating\r\nYou can update the local database by using wpscan --update\r\nUpdating WPScan itself is either done via gem update wpscan or the packages manager (this is quite important\r\nfor distributions such as in Kali Linux: apt-get update \u0026\u0026 apt-get upgrade ) depending on how WPScan was\r\n(pre)installed\r\nDocker\r\nPull the repo with docker pull wpscanteam/wpscan\r\nEnumerating usernames\r\ndocker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u\r\nEnumerating a range of usernames\r\ndocker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u1-100\r\n** replace u1-100 with a range of your 
choice.\r\nUsage\r\nFull user documentation can be found here; https://github.com/wpscanteam/wpscan/wiki/WPScan-User-Documentation\r\nwpscan --url blog.tld This will scan the blog using default options with a good compromise between speed\r\nand accuracy. For example, the plugins will be checked passively but their version with a mixed detection mode\r\n(passively + aggressively). Potential config backup files will also be checked, along with other interesting\r\nfindings.\r\nIf a more stealthy approach is required, then wpscan --stealthy --url blog.tld can be used. As a result, when\r\nusing the --enumerate option, don't forget to set the --plugins-detection accordingly, as its default is\r\n'passive'.\r\nFor more options, open a terminal and type wpscan --help (if you built wpscan from the source, you should type\r\nthe command outside of the git repo)\r\nThe DB is located at ~/.wpscan/db\r\nOptional: WordPress Vulnerability Database API\r\nThe WPScan CLI tool uses the WordPress Vulnerability Database API to retrieve WordPress vulnerability data in\r\nreal time. For WPScan to retrieve the vulnerability data an API token must be supplied via the --api-token\r\noption, or via a configuration file, as discussed below. An API token can be obtained by registering an account on\r\nWPScan.com.\r\nUp to 25 API requests per day are given free of charge, which should be suitable to scan most WordPress websites at\r\nleast once per day. 
When the daily 25 API requests are exhausted, WPScan will continue to work as normal but\r\nwithout any vulnerability data.\r\nHow many API requests do you need?\r\nOur WordPress scanner makes one API request for the WordPress version, one request per installed plugin\r\nand one request per installed theme.\r\nOn average, a WordPress website has 22 installed plugins.\r\nLoad CLI options from file/s\r\nWPScan can load all options (including the --url ) from configuration files, the following locations are checked\r\n(order: first to last):\r\n~/.wpscan/scan.json\r\n~/.wpscan/scan.yml\r\npwd/.wpscan/scan.json\r\npwd/.wpscan/scan.yml\r\nIf those files exist, options from the cli_options key will be loaded and overridden if found twice.\r\ne.g:\r\n~/.wpscan/scan.yml :\r\ncli_options:\r\n proxy: 'http://127.0.0.1:8080'\r\n verbose: true\r\npwd/.wpscan/scan.yml :\r\ncli_options:\r\n proxy: 'socks5://127.0.0.1:9090'\r\n url: 'http://target.tld'\r\nRunning wpscan in the current directory (pwd), is the same as wpscan -v --proxy socks5://127.0.0.1:9090 --url http://target.tld\r\nOther command line options can be added by using snake case convention. e.g:\r\ncli_options:\r\n user_agent: \"Testing UA\"\r\n max_threads: 1\r\n headers: \"Custom-Header: aaaa; Another Header: bbb\"\r\nSave API Token in a file\r\nThe feature mentioned above is useful to keep the API Token in a config file and not have to supply it via the CLI\r\neach time. To do so, create the ~/.wpscan/scan.yml file containing the below:\r\ncli_options:\r\n api_token: 'YOUR_API_TOKEN'\r\nLoad API Token From ENV (since v3.7.10)\r\nThe API Token will be automatically loaded from the ENV variable WPSCAN_API_TOKEN if present. 
If the --api-token CLI option is also provided, the value from the CLI will be used.\r\nEnumerating usernames\r\nwpscan --url https://target.tld/ --enumerate u\r\nEnumerating a range of usernames\r\nwpscan --url https://target.tld/ --enumerate u1-100\r\n** replace u1-100 with a range of your choice.\r\nLICENSE\r\nWPScan Public Source License\r\nThe WPScan software (henceforth referred to simply as \"WPScan\") is dual-licensed - Copyright 2011-2019\r\nWPScan Team.\r\nCases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can\r\nbe used without charge under the terms set out below.\r\n1. Definitions\r\n1.1 \"License\" means this document.\r\n1.2 \"Contributor\" means each individual or legal entity that creates, contributes to the creation of, or owns\r\nWPScan.\r\n1.3 \"WPScan Team\" means WPScan’s core developers.\r\n2. Commercialization\r\nA commercial use is one intended for commercial advantage or monetary compensation.\r\nExample cases of commercialization are:\r\nUsing WPScan to provide commercial managed/Software-as-a-Service services.\r\nDistributing WPScan as a commercial product or as part of one.\r\nUsing WPScan as a value added service/product.\r\nExample cases which do not require a commercial license, and thus fall under the terms set out below, include (but\r\nare not limited to):\r\nPenetration testers (or penetration testing organizations) using WPScan as part of their assessment toolkit.\r\nPenetration Testing Linux Distributions including but not limited to Kali Linux, SamuraiWTF, BackBox\r\nLinux.\r\nUsing WPScan to test your own systems.\r\nAny non-commercial use of WPScan.\r\nIf you need to purchase a commercial license or are unsure whether you need to purchase a commercial license\r\ncontact us - contact@wpscan.com.\r\nFree-use Terms and Conditions;\r\n3. 
Redistribution\r\nRedistribution is permitted under the following conditions:\r\nUnmodified License is provided with WPScan.\r\nUnmodified Copyright notices are provided with WPScan.\r\nDoes not conflict with the commercialization clause.\r\n4. Copying\r\nCopying is permitted so long as it does not conflict with the Redistribution clause.\r\n5. Modification\r\nModification is permitted so long as it does not conflict with the Redistribution clause.\r\n6. Contributions\r\nAny Contributions assume the Contributor grants the WPScan Team the unlimited, non-exclusive right to reuse,\r\nmodify and relicense the Contributor's content.\r\n7. Support\r\nWPScan is provided under an AS-IS basis and without any support, updates or maintenance. Support, updates and\r\nmaintenance may be given according to the sole discretion of the WPScan Team.\r\n8. Disclaimer of Warranty\r\nWPScan is provided under this License on an “as is” basis, without warranty of any kind, either expressed,\r\nimplied, or statutory, including, without limitation, warranties that the WPScan is free of defects, merchantable, fit\r\nfor a particular purpose or non-infringing.\r\n9. Limitation of Liability\r\nTo the extent permitted under Law, WPScan is provided under an AS-IS basis. The WPScan Team shall never, and\r\nwithout any limit, be liable for any damage, cost, expense or any other payment incurred as a result of WPScan's\r\nactions, failure, bugs and/or any other interaction between WPScan and end-equipment, computers, other software\r\nor any 3rd party, end-equipment, computer or services.\r\n10. Disclaimer\r\nRunning WPScan against websites without prior mutual consent may be illegal in your country. The WPScan\r\nTeam accept no liability and are not responsible for any misuse or damage caused by WPScan.\r\n11. Trademark\r\nThe \"wpscan\" term is a registered trademark. 
This License does not grant the use of the \"wpscan\" trademark or the\r\nuse of the WPScan logo.\r\nSource: https://github.com/wpscanteam/wpscan",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://github.com/wpscanteam/wpscan"
	],
	"report_names": [
		"wpscan"
	],
	"threat_actors": [],
	"ts_created_at": 1775434645,
	"ts_updated_at": 1775791312,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/708185e9230b2b1a42fc61cc41c36f73e7fc1dec.pdf",
		"text": "https://archive.orkl.eu/708185e9230b2b1a42fc61cc41c36f73e7fc1dec.txt",
		"img": "https://archive.orkl.eu/708185e9230b2b1a42fc61cc41c36f73e7fc1dec.jpg"
	}
}