WPScan WordPress vulnerability scanner

WPScan is a vulnerability scanner that checks the security of WordPress installations using a black-box approach. It enumerates the installed themes and plugins and checks them against vulnerability databases for known issues.

Details
Username enumeration (from author querystring and location header)
Weak password cracking (multithreaded)
Version enumeration (from generator meta tag)
Vulnerability enumeration (based on version)
Plugin enumeration (2220 most popular by default)
Plugin vulnerability enumeration (based on version) (todo)
Plugin enumeration list generation
Other misc WordPress checks (theme name, dir listing, …)

wpscan.org

WPScan is included in BackTrack 5 R1 and all versions of Kali Linux. If you don’t already have WPScan installed, you can install it with the following command on a Debian-based distro:


sudo apt-get install wpscan


This downloads WPScan and its dependencies and installs them on your system.

COMMANDS

--url (The WordPress URL/domain to scan.)

--version (Only do version enumeration.)

--wordlist (Supply a wordlist for the password bruter and do the brute.)

--threads (The number of threads to use when multi-threading requests.)

--username (Only brute force the supplied username.)

--generate_plugin_list (Generate a new data/plugins.txt file.)

-v (Verbose output.)

EXAMPLES

Do ‘non-intrusive’ checks…

ruby wpscan.rb --url www.example.com

Only do version enumeration…

ruby wpscan.rb --url www.example.com --version

Do wordlist password brute force on enumerated users using 50 threads…

ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50

Do wordlist password brute force on the ‘admin’ username only…

ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin

Generate a new ‘most popular’ plugin list…

ruby ./wpscan.rb --generate_plugin_list 150
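
Seen from the server side, the username enumeration (author querystring) and the password brute force listed above leave recognizable traces in the web server access log. The following Python script is an added example, not part of WPScan or of the original post: it flags clients that probe several ?author=N values or pile up failed logins. The combined log format, the wp-login.php status-code behaviour, the thresholds, the function name analyze and the sample lines are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample in Apache/nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /?author=3 HTTP/1.1" 404 0 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "-"
198.51.100.4 - - [10/Mar/2024:10:02:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "-"
198.51.100.4 - - [10/Mar/2024:10:03:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
AUTHOR_RE = re.compile(r'[?&]author=(\d+)')

def analyze(log_text, author_threshold=3, login_threshold=3):
    """Return {client_ip: [finding, ...]} for clients that reach a threshold."""
    author_ids = defaultdict(set)     # distinct ?author=N values probed per client
    failed_logins = defaultdict(int)  # wp-login.php POSTs answered with 200
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path, status = m["ip"], m["method"], m["path"], m["status"]
        author = AUTHOR_RE.search(path)
        if method == "GET" and author:
            author_ids[ip].add(int(author.group(1)))
        # Assumption: default WordPress re-renders the form (200) on a failed
        # login and redirects (302) on success.
        elif (method == "POST" and status == "200"
              and path.split("?")[0].endswith("/wp-login.php")):
            failed_logins[ip] += 1
    findings = {}
    for ip in sorted(set(author_ids) | set(failed_logins)):
        tags = []
        if len(author_ids[ip]) >= author_threshold:
            tags.append("author-enumeration")
        if failed_logins[ip] >= login_threshold:
            tags.append("login-bruteforce")
        if tags:
            findings[ip] = tags
    return findings

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Real deployments should count within a time window and tune the thresholds to normal traffic; the fixed counts here keep the example short.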
