secureCodeBox · Zero3141 · Aug 25, 2023 · Aug 23, 2023 · Aug 23, 2023 · Aug 25, 2023
diff --git a/scanners/wpscan/.helm-docs.gotmpl b/scanners/wpscan/.helm-docs.gotmpl
@@ -29,9 +29,9 @@ usecase: "Wordpress Vulnerability Scanner"
 
 WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites.
 
-> NOTE: You need to provide WPSan with an API Token so that it can look up vulnerabilities infos with [https://wpvulndb.com](https://wpvulndb.com). Without the token WPScan will only identify WordPress Core / Plugin / Theme versions but not if they are actually vulnerable. You can get a free API Token at by registering for an account at [https://wpvulndb.com](https://wpvulndb.com). Using the secureCodeBox WPScans you can specify the token via the `WPVULNDB_API_TOKEN` target attribute, see the example below.
+> NOTE: You need to provide WPSan with an API Token so that it can look up vulnerabilities infos with [https://wpscan.com](https://wpscan.com). Without the token WPScan will only identify WordPress Core / Plugin / Theme versions but not if they are actually vulnerable. You can get a free API Token at by registering for an account at [https://wpscan.com](https://wpscan.com). Using the secureCodeBox WPScans you can specify the token via the `WPVULNDB_API_TOKEN` target attribute, see the example below.
 
-To learn more about the WPScan scanner itself visit [wpscan.org] or [wpscan.io].
+To learn more about the WPScan scanner itself visit [wpscan.org].
 {{- end }}
 
 {{- define "extra.scannerConfigurationSection" -}}
@@ -82,7 +82,6 @@ Incompatible choices (only one of each group/s can be used):
 {{- end }}
 
 {{- define "extra.scannerLinksSection" -}}
-[wpscan.io]: https://wpscan.io/
 [wpscan.org]: https://wpscan.org/
 [WPScan Documentation]: https://github.com/wpscanteam/wpscan/wiki/WPScan-User-Documentation
 {{- end }}
diff --git a/scanners/wpscan/examples/example.com/findings.yaml b/scanners/wpscan/examples/example.com/findings.yaml
diff --git a/scanners/wpscan/examples/example.com/scan.yaml b/scanners/wpscan/examples/example.com/scan.yaml
@@ -16,4 +16,4 @@ spec:
     - "--plugins-detection"
     - "mixed"
     - "--api-token"
-    - "AAAAABBBBBCCCCCDDDDEEEEEEE"
+    - "TODO"
diff --git a/scanners/wpscan/examples/old-wordpress/README.md b/scanners/wpscan/examples/old-wordpress/README.md
@@ -5,7 +5,22 @@ SPDX-License-Identifier: Apache-2.0
 -->
 
 :::note
-This example scan uses a demo wordpress 4.0 instance.
-You can deploy it as a demo target into you cluster. The scan assumes that it is installed in the `demo-targets` namespace.
-See the [installation guide](/docs/getting-started/installation#install-some-demo-targets).
+For this example to work, you must add a valid API Token to the scan.yaml!
 :::
+
+In this example we execute an wpscan scan against an old wordpress 4.0 instance [old-wordpress](https://github.com/secureCodeBox/secureCodeBox/tree/main/demo-targets/old-wordpress)
+
+#### Initialize old-wordpress in cluster
+
+Before executing the scan, make sure to setup old-wordpress
+
+```bash
+helm upgrade --install old-wordpress secureCodeBox/old-wordpress --wait
+```
+
+Then, add an API Key in scan.yaml by replacing the `TODO` after the --api-token flag.
+
+After that you can execute the scan in this directory:
+```bash
+kubectl apply -f scan.yaml
+```
diff --git a/scanners/wpscan/examples/old-wordpress/findings.json b/scanners/wpscan/examples/old-wordpress/findings.json
diff --git a/scanners/wpscan/examples/old-wordpress/findings.yaml b/scanners/wpscan/examples/old-wordpress/findings.yaml
diff --git a/scanners/wpscan/examples/old-wordpress/scan.yaml b/scanners/wpscan/examples/old-wordpress/scan.yaml
@@ -10,8 +10,10 @@ spec:
   scanType: "wpscan"
   parameters:
     - "--url"
-    - old-wordpress.demo-targets.svc.cluster.local
+    - old-wordpress
     - "-e"
     - "vp"
     - "--plugins-detection"
     - "mixed"
+    - "--api-token"
+    - "TODO"