WPScan: WordPress Hacking

wpscan

WordPress is everywhere throughout the web; it’s the most well known and most used content management system (CMS) out there. Is your site or blog powered by WordPress? Did you realize that malicious hackers are continually attacking WordPress sites? On the off chance that you didn’t, now you know.

The initial move towards making your site or blog secure is to perform a vulnerability assessment. This is essentially an activity to recognize common security loopholes (known to the general population), inside your site or its underlying architecture.

In this article, we will tell you the best way to install and use the WPScan, a free scanner made for security experts and site maintainers to test the security of their sites.

What is WPScan?

WPScan is a command-line WordPress vulnerability scanner that can be used to scan WordPress vulnerabilities.

Installation

Install WPScan on Debian/Ubuntu:

  • First, install Ruby.
sudo apt install ruby
  • Install dependencies
sudo apt install build-essential libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev  libgmp-dev zlib1g-dev
  • Install WPScan
sudo gem install wpscan
  • It will be installed to /usr/local/bin/wpscan

Install WPScan on CentOS/RHEL/Fedora:

  • First, install Ruby.
sudo dnf install ruby
  • install dependencies
sudo dnf group install "Development Tools"
sudo dnf install git gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel patch rpm-build
  • Install WPScan.
sudo gem install wpscan
  • It will be installed to /usr/local/bin/wpscan.

Install WPScan on Arch Linux:

  • WPScan is in Arch Linux repository, simply run the following command to install it.
sudo pacman -S wpscan

How to scan WordPress sites with WPScan

  • To update database to the lastest version, run
wpscan --update
  • Scan a site
wpscan --url=http(s)://ADDRESS
  • Scan installed plugins
wpscan --url http(s)://ADDRESS --enumerate p
  • Scan vulnerable plugins
wpscan --url http(s)://ADDRESS --enumerate vp
  • Scan installed themes
wpscan --url http(s)://ADDRESS --enumerate t
  • Scan vulnerable themes
wpscan --url http(s)://ADDRESScom --enumerate vt
  • Scan user accounts:
wpscan --url http(s)://ADDRESS --enumerate u
  • Password Guessing:
wpscan --url http(s)://ADDRESS --wordlist passwords.txt threads 50
  • Scan vulnerable timthumb files:
wpscan --url http(s)://ADDRESS --enumerate tt

Using WPVulnDB API

By default, WPScan only tells you if there’s vulnerabilities found, but doesn’t show the details of vulnerabilities. You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up.

Once you have created account, you can save the API token in a file. Run the following command to create WPScan configruation file.

nano ~/.wpscan/scan.yml

Put the following lines in the file.

cli_options:
    api_token: YOUR_API_TOKEN

Note :-

Scanning websites without owner’s permission is illegal. Do it only on your own website.

Related Post

Leave a Reply

Your email address will not be published. Required fields are marked *