The WPScan role

The first role we are going to create is one that runs WPScan. WPScan is a tool that performs a scan of a WordPress site; it tries to figure out the version of WordPress that is running as well as checking for any plugins that have known vulnerabilities. It can also try and brute force the admin user account; however, we are going to skip that.

As always, we can bootstrap the role using this:

$ ansible-galaxy init roles/wpscan

Once the files are in place, we need to add the following to roles/wpscan/defaults/main.yml:

image: "wpscanteam/wpscan"log:  remote_folder: /tmp/wpscan/  local_folder: "generated/"  file: "{{ }}-{{ ansible_date_time.hour }}-{{ ansible_date_time.minute }}.txt"

This sets the image we ...

Get Learn Ansible now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.