scan aborted: invalid option: --wordlist

[LynxGeekNYC]

Hello,

Running WPSCAN Version 3.3.1 and the --wordlist option is not included. I ran the Help and it's not even listed on it. Any advice? I updated the DB and still same issue.

If it's for some reason not on the new version but an older version, what's the latest version is it on and how can I downgrade?

Thanks!

[erwanlr]

The --wordlist was in the v2, use the --passwords option in the v3:

-P, --passwords FILE-PATH                     List of passwords to use during the password attack.
                                              If no --username/s option supplied, user enumeration will be run.

[eBug]

Hi. --passwords doesn't work here:
wpscan --url https://www.g¨¨¨¨¨¨¨¨¨.org/ --passwords /home/eric/it/cewl.txt --password-attack xmlrpc
Scan Aborted: --passwords '/home/eric/it/cewl.txt' is not a file

What does it mean 'cewl.txt' is not a file ???

[erwanlr]

@eBug Seems like the path to the file does not exist

[eBug]

@erwanlr how so?

eric@localhost:~$ file /home/eric/it/cewl.txt 
/home/eric/it/cewl.txt: UTF-8 Unicode text
eric@localhost:~$ 

I'm running wpscan within a container, might that explain the exec doesn't find the path? How am I supposed to pass an 'external' path to the container? Sorry if this goes off-topic.

[erwanlr]

File not readable by wpscan then? On Jan 14, 2019 17:43, "Eric" <notifications@github.com> wrote: @erwanlr <https://github.com/erwanlr> how so? eric@localhost:~$ file /home/eric/it/cewl.txt /home/eric/it/cewl.txt: UTF-8 Unicode text eric@localhost:~$ — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#1256 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABl266WB8eT1mG7jBl7_OCw9TMC9vTMyks5vDMHYgaJpZM4Y1saj> .

[firefart]

@eBug you need to pass in the file using a volume and pass the container internal path as a wordlist.

docker run --rm -it -v /home/eric/it/:/wordlists wpscanteam:wpscan ..... --passwords /wordlists/cewl.txt

[eBug]

@firefart thank you! that made the job.

[solodzo]

--wordlist => --passwords
--username => --usernames

[gianpaj]

Thanks. This works:

docker run -it --rm -v /Users/__macuser__/:/__containerdirectory__ wpscanteam/wpscan --url http://example..com/ --passwords /__containerdirectory__/passwords.txt

For example
docker run -it --rm -v /Users/john/:/wordlists wpscanteam/wpscan --url http://example.com/ --passwords /wordlists/passwords.txt

[Soundofsnow]

This worked for me:

docker run -it -v --rm $(pwd)/rockyou.txt:/wpscan/rockyou.txt wpscanteam/wpscan --url http://192.168.1.105/wordpress --enumerate u --passwords rockyou.txt

[rizkyn5t]

The --wordlist was in the v2, use the --passwords option in the v3:

-P, --passwords FILE-PATH                     List of passwords to use during the password attack.
                                              If no --username/s option supplied, user enumeration will be run.

you know why this happened, how to fix it

The --wordlist was in the v2, use the --passwords option in the v3:

-P, --passwords FILE-PATH                     List of passwords to use during the password attack.
                                              If no --username/s option supplied, user enumeration will be run.

you know why this happen?

[+] Performing password attack on Wp Login against 1 user/s
Trying /kpukab / michelle Time: 00:00:02 <> (22 / 14344394) 0.00% ETA: ??:??:?Trying /kpukab / sunshine Time: 00:00:02 <> (26 / 14344394) 0.00% ETA: ??:??:?Error: Unknown response received Code: 302
Trying /kpukab / sunshine Time: 00:00:02 <> (27 / 14344394) 0.00% ETA: ??:??:?Error: Unknown response received Code: 302
Trying /kpukab / chocolate Time: 00:00:02 <> (28 /

how to fix it?

[hjgode]

For me, this worked:

docker run --rm -it -v /home/user/wordlists/:/wordlists wpscanteam/wpscan --url https://someweb.de/ --enumerate u --password-attack xmlrpc --passwords /wordlists/rockyou.txt

replace _user_with your user name