[FEATURE] Add support for wpscan.

boxuk · Jul 29, 2021 · 1f73e37 · 1f73e37
1 parent 611e747
commit 1f73e37
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 0 deletions.
diff --git a/bin/docker/wpscan b/bin/docker/wpscan
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+. .env
+. docker/wpscan/.env
+
+APP_CONTAINER_ID="$( docker-compose ps -q app )"
+
+docker run --network="container:$APP_CONTAINER_ID" -it --rm wpscanteam/wpscan --disable-tls-checks --api-token "$WPSCAN_API_TOKEN" --url "$WP_HOME" "$@"
diff --git a/docker/wpscan/.env.dist b/docker/wpscan/.env.dist
@@ -0,0 +1 @@
+WPSCAN_API_TOKEN=
diff --git a/docs/dev/usage.md b/docs/dev/usage.md
@@ -42,3 +42,15 @@ feature_flags:
 This will register with the feature flagging library you are using, as long as we support it. Current supported feature flagging libraries:
 
 * [Flagpole](https://github.com/jamesrwilliams/flagpole)
+
+## WPScan
+
+We encourage running [WPScan](https://github.com/wpscanteam/wpscan) at regular intervals (at least weekly). This can be done via the following command:
+
+`bin/docker/wpscan`
+
+> An API token can be added via `./docker/wpscan/.env`
+
+The URL of the local site (the value of `WP_HOME`) will be added automatically, as will `disable-tls-checks` (this is needed due to the self-signed certificate).
+
+You can pass any other options as you wish.