WPScan Legacy Executor (Docker)
Category: Web Application Scanners
Script: wpscan_legacy.py
Integration: CLI (Docker container)
Faraday Plugin: WPScanPlugin
Description
Runs WPScan inside the official Docker container (wpscanteam/wpscan:latest) against a WordPress site with JSON output. This is the legacy version that uses Docker instead of a native WPScan installation.
For native WPScan execution with more options, use the WPScan executor.
Prerequisites
- Docker installed and running
- Network access to Docker Hub (to pull `wpscanteam/wpscan:latest`)
Configuration
Environment Variables (Setup)
(none required)
Execution Arguments
| Parameter | Type | Mandatory | Description |
|---|---|---|---|
| `WPSCAN_TARGET_URL` | url | Yes | WordPress site URL to scan |
YAML Configuration Example
```yaml
executors:
  wpscan_docker:
    repo_executor: wpscan_legacy.py
    max_size: 65536
    varenvs: {}
    params:
      WPSCAN_TARGET_URL:
        mandatory: true
        type: url
        base: string
```
How It Works
- Creates a temporary directory for output
- Runs: `docker run --rm --mount type=bind,source=<tmpdir>,target=/output wpscanteam/wpscan:latest -o /output/wpscan-output.json --url <target> -f json`
- Reads the JSON output from the mounted volume
- Parses it through `WPScanPlugin` and outputs Faraday JSON
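The flow above, sketched in Python as an added example (this is not the source of `wpscan_legacy.py`): it builds the documented command as an argv list and rejects any target that is not a plain http(s) URL, so a `WPSCAN_TARGET_URL` value cannot be read as a WPScan option or a shell fragment. The function names, the timeout and the validation policy are assumptions.

```python
import json
import subprocess
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

IMAGE = "wpscanteam/wpscan:latest"  # image named on this page
REPORT = "wpscan-output.json"       # output file name from the documented command


def validate_target(url):
    """Accept only absolute http(s) URLs with a host (assumed policy)."""
    if any(c.isspace() for c in url):
        raise ValueError("whitespace in target URL")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not an http(s) URL: {url!r}")
    return url


def build_docker_cmd(tmpdir, target):
    """Return the documented command as an argv list, never a shell string."""
    return [
        "docker", "run", "--rm",
        "--mount", f"type=bind,source={tmpdir},target=/output",
        IMAGE,
        "-o", f"/output/{REPORT}",
        "--url", validate_target(target),
        "-f", "json",
    ]


def run_scan(target, timeout=3600):
    """Run the container and return the parsed WPScan JSON report."""
    with tempfile.TemporaryDirectory() as tmpdir:
        # shell=False (the default): the URL is passed as a single argument.
        subprocess.run(build_docker_cmd(tmpdir, target), timeout=timeout)
        report = Path(tmpdir) / REPORT
        if not report.is_file():
            raise RuntimeError("WPScan produced no JSON report")
        return json.loads(report.read_text())
```

`run_scan` needs a working Docker daemon; handing the parsed report to `WPScanPlugin` is not shown.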
Notes
- This executor does not support an API token; use the native WPScan executor for API token support
- Docker must have network access to both Docker Hub (for image pull) and the target WordPress site
- The Docker image is pulled at each execution unless already cached locally