Scanning WordPress sites using WPScan
WPScan is a free, for non-commercial use, WordPress security scanner written for security professionals and blog maintainers to test the security of WordPress websites.
WPScan is used to scan the wordpress website for vulnerabilities within WordPress core files, plugin, and themes.
Installation
WPScan is pre-installed in Kali Linux. or detailed installation in Linux/MacOS, visit Github page.
To update WPScan, open terminal and type the following commands:
sudo apt-get update && apt-get upgrade
wpscan --update
Usage
wpscan --help
Scan WordPress website
wpscan --url <website url>
Advanced scanning can be done with enumerate option
Check for vulnerable plugins
wpscan --url <website url> --enumerate vp
Check for all plugins
wpscan --url <website url> --enumerate ap
Check or popular plugins
wpscan --url <website url> --enumerate p
Check vulnerable plugins
wpscan --url <website url> --enumerate vp
Check for vulnerable themes
wpscan --url <website url> --enumerate vt
Check for all themes
wpscan --url <website url> --enumerate at
Check for themes
wpscan --url <website url> --enumerate t
Check for Timthumbs
wpscan --url <website url> --enumerate cb
Check for DB exports
wpscan --url <website url> --enumerate dbe
This information is only for educational purpose and we are not responsible for any kind of illegal activity done by this tool.
Check out similar tools HERE.
Hope you have enjoyed reading this.
Leave a comment below
Leave a comment below
I just wanted to say this is an elegantly composed article as we have seen here.
ReplyDeleteWordpress Security Scanner