WordPress Scanning FAQ

I scanned but I don’t see any list of WordPress vulnerabilities or plugins on FutureVuls. How can I debug it?

Check the logs on the server.

The scan results are not reflected

Check the JSON file of the scan result.

Run the scan with the `--debug` option. The same JSON that is uploaded to FutureVuls is then written to files under /opt/vuls-saas/results on the server. The WordPress-related settings appear on lines 26293-26297 in the sample below. If this item is empty, there is a problem with the config.toml settings.

```sh
[vuls-saas@kusanagi2 vuls-saas]$ pwd
/opt/vuls-saas
[vuls-saas@kusanagi2 vuls-saas]$ grep -n4 wordpress results/current/kusanagi2.json
26289-    "port": "local",
26290-    "scanMode": [
26291-        "fast-root".
26292-    ],
26293:    "wordpress": {
26294-        "osUser": "kusanagi",
26295-        "docRoot": "/home/kusanagi/yokota/DocumentRoot",
26296-        "cmdPath": "/usr/local/bin/wp",
26297-    }
26297- }
```

#### Sample config.toml

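```sh
[vuls-saas@kusanagi2 vuls-saas]$ cat config.toml
# Scan target. Table headers follow the Vuls config.toml layout;
# the server name matches results/current/kusanagi2.json.
[servers.kusanagi2]
host = "localhost"
port = "local"
user = "vuls-saas"
scanMode = ["fast-root" ,]

# WordPress settings for this server (the "wordpress" item in the JSON)
[servers.kusanagi2.wordpress]
cmdPath = "/usr/local/bin/wp"
osUser = "kusanagi"
docRoot = "/home/kusanagi/yokota/DocumentRoot"

# FutureVuls upload settings
[saas]
GroupID = xxx
Token = "xxxxxxxx"
URL = "https://auth.vuls.biz/one-time-auth"
```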

Check if config.toml is correct.

Refer to Help to check config.toml.

Run the scan again

Run the scan manually on the server and check if any errors are displayed.

As described above, the JSON uploaded to FutureVuls also remains on the server. Check that values are set for the wordpress item in the output of the following command.

```sh
[vuls-saas@kusanagi2 vuls-saas]$ grep -n4 wordpress results/current/kusanagi2.json
```
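The grep check above and in "Check the JSON file of the scan result" only shows whether the wordpress item exists. The following added example (not part of FutureVuls or Vuls) walks the result JSON and reports which of osUser, docRoot and cmdPath are missing or empty. The script name `check_wp.py`, the helper names and the nesting used in the constructed sample are assumptions; the search itself does not depend on where the wordpress item sits.

```python
import json
import sys

# The three WordPress settings shown in the sample grep output on this page.
REQUIRED_KEYS = ("osUser", "docRoot", "cmdPath")


def find_wordpress_blocks(node, path=""):
    """Yield (json_path, value) for every "wordpress" key at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if key == "wordpress":
                yield child, value
            else:
                yield from find_wordpress_blocks(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_wordpress_blocks(item, f"{path}[{i}]")


def check_result(doc):
    """Return a list of problems; an empty list means all settings are present."""
    blocks = list(find_wordpress_blocks(doc))
    if not blocks:
        return ['no "wordpress" item in the result JSON']
    problems = []
    for path, block in blocks:
        if not isinstance(block, dict) or not block:
            problems.append(f"{path}: empty, check config.toml")
            continue
        for key in REQUIRED_KEYS:
            if not block.get(key):
                problems.append(f"{path}.{key}: missing or empty")
    return problems


# Constructed sample: the nesting around "wordpress" is an assumption.
def sample(wordpress):
    return {"config": {"servers": {"kusanagi2": {"port": "local", "wordpress": wordpress}}}}


if __name__ == "__main__":
    # Usage: python3 check_wp.py results/current/kusanagi2.json
    with open(sys.argv[1], encoding="utf-8") as fh:
        for line in check_result(json.load(fh)) or ["wordpress settings present"]:
            print(line)
```
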

If the wp command prompts for a password, configure sudoers

Set sudoers on the server to be scanned

Make sure you have entered your wpscan.com API key on the FutureVuls screen

Get a token and register it in FutureVuls