Add an option to skip enumeration #1802

Open
alexsanford opened this issue Sep 14, 2023 · 5 comments

Comments

@alexsanford
Contributor

From here: #1688 (comment)

For example, the option would allow a user to run a brute force without enumerating plugins.

@Haxel0rd

Bump,
also looking for the feature to skip the whole wp-scan (including plugin enum and config backup check, etc.), for scenarios where the scan is over and we just want to brute-force the user PW, for example. Surprised it is not an included feature yet.

@erwanlr
Member

erwanlr commented Mar 12, 2025

Which command are you running? If you don't provide the enumeration option (i.e. -e), then no enumeration is done.

@Haxel0rd

Haxel0rd commented Mar 12, 2025

Thanks, it differs, but for the current case I am running the password spraying attacks on already enumerated usernames:
docker run -it --rm -v /workdir/wordlists:/wlists wpscanteam/wpscan --random-user-agent --disable-tls-checks --api-token [token] -P /wlists/pwlist-top-10000.txt --usernames admin --url [url]

In that case, the whole scan is still firing, including plugin checks and such, while I just wanted to use the password spraying feature.

I would suggest a general "--skip-scans" flag, which should be independent of anything else (-e or --usernames, for example), that tells wpscan to skip the wp- and plugin detection phases, while allowing additional checks like user enumeration and dictionary attacks to proceed. Yesterday, for example, I was stuck on the config backup scan for around 3 - 5 mins; the target was slow, so it was annoying to wait for the scans to complete before the actual password spraying took place.

@erwanlr
Member

erwanlr commented Mar 12, 2025

Humm, right, I completely forgot that there is some enumeration done by default (even w/o the -e option passed), and we had planned to release a major version to remove such behaviour: #1628 (PR: #1637)

I will chat with @alexsanford today about this

In the meantime, you can use the --config-backups-detection passive as a workaround to 'skip' the config backup enumeration and speed things up

@Haxel0rd

Would be great to see this implemented, but the flag for skipping config detection will already be useful indeed. Thanks a lot for that, and thanks for looking into the feature request in general. Regards!
