Find WordPress Security Vulnerabilities with WPScan
WPScan is a free, for non-commercial use, black box WordPress security scanner written for security professionals and blog maintainers to test the security of their sites.
In this article, we’re going to install and use the WPScan hacking tool. Let’s get started:
WPScan comes pre-installed in Kali Linux. We can easily install WPScan on other distros. Run these commands to install WPScan:
sudo apt install patch build-essential zlib1g-dev liblzma-dev ruby-dev
sudo gem install nokogiri
sudo gem install wpscan
# Or
git clone https://github.com/wpscanteam/wpscan
cd wpscan/
bundle install && rake install
Type this command to see all available options:
Perform a scan of your website:
wpscan --url http://example.com --rua
--rua (random-user-agent) is used to randomly select the user agent.
Find vulnerable plugins & themes:
# plugins
wpscan --url http://example.com --rua --enumerate ap
# themes
wpscan --url http://example.com --rua --enumerate at
Try to find users:
wpscan --url http://example.com --rua --enumerate u
Perform a brute-force attack: you can download password dictionaries from GitHub and run the attack.
Download password dictionaries:
sudo apt install wordlists
ls /usr/share/wordlists/rockyou.txt.gz
# decompress in place; the directory is root-owned, so sudo is needed
sudo gzip -d /usr/share/wordlists/rockyou.txt.gz
ls -la /usr/share/wordlists/rockyou.txt
wpscan --url http://example.com --rua -P /usr/share/wordlists/rockyou.txt -U 'admin,admin2'
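On the site owner's side, the user enumeration and password guessing shown above leave a recognisable pattern in the web server access log even when --rua rotates the user agent. The following is an added example, not part of the original article: it assumes the Apache/Nginx combined log format, treats `?author=N`, `/wp-json/wp/v2/users`, `wp-login.php` and `xmlrpc.php` as the request paths of interest, and uses arbitrary thresholds; the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
ENUM_RE = re.compile(r'[?&]author=\d+|/wp-json/wp/v2/users')   # assumed enumeration paths
LOGIN_RE = re.compile(r'^/(wp-login\.php|xmlrpc\.php)')         # assumed login endpoints

def triage(lines, login_threshold=5, enum_threshold=3):
    """Return {ip: summary} for clients whose requests look like user
    enumeration or password guessing. Requests are grouped by source IP,
    because a randomized User-Agent defeats any rule keyed on the agent."""
    stats = defaultdict(lambda: {"login_posts": 0, "enum_hits": 0, "agents": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in combined format
        s = stats[m["ip"]]
        s["agents"].add(m["ua"])
        if m["method"] == "POST" and LOGIN_RE.match(m["path"]):
            s["login_posts"] += 1
        elif ENUM_RE.search(m["path"]):
            s["enum_hits"] += 1
    flagged = {}
    for ip, s in stats.items():
        reasons = []
        if s["login_posts"] >= login_threshold:
            reasons.append("password-guessing")
        if s["enum_hits"] >= enum_threshold:
            reasons.append("user-enumeration")
        if reasons:
            flagged[ip] = {"reasons": reasons, "distinct_agents": len(s["agents"]),
                           "login_posts": s["login_posts"], "enum_hits": s["enum_hits"]}
    return flagged

# Constructed sample log: documentation IP ranges and invented user agents.
def _line(ip, method, path, status, ua):
    return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] "{method} {path} HTTP/1.1" '
            f'{status} 512 "-" "{ua}"')

SAMPLE = (
    [_line("203.0.113.7", "GET", f"/?author={i}", 301, f"UA-{i}") for i in range(1, 5)]
    + [_line("203.0.113.7", "POST", "/wp-login.php", 200, f"UA-{i}") for i in range(5, 11)]
    + [_line("198.51.100.4", "POST", "/wp-login.php", 302, "Mozilla/5.0"),
       _line("198.51.100.4", "GET", "/wp-admin/", 200, "Mozilla/5.0")]
)
```

Calling `triage(SAMPLE)` flags only 203.0.113.7, with ten distinct user agents from one address; the single login from 198.51.100.4 stays below both thresholds.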
That’s it. Thanks for reading.
Md Obydullah is a software engineer and full stack developer specializing in Laravel, Django, Vue.js, Node.js, Android, Linux Server, and Ethical Hacking.