Scanning WordPress sites using WPScan

WPScan is a free (for non-commercial use) WordPress security scanner written for security professionals and blog maintainers to test the security of WordPress websites.


WPScan is used to scan a WordPress website for vulnerabilities in WordPress core files, plugins, and themes.

Installation

WPScan is pre-installed in Kali Linux. For detailed installation instructions on Linux/macOS, visit the GitHub page.

To update WPScan, open terminal and type the following commands:
sudo apt-get update && sudo apt-get upgrade
wpscan --update



Usage

wpscan --help



Scan WordPress website

wpscan --url <website url>



Advanced scanning can be done with the --enumerate option

Check for vulnerable plugins

wpscan --url <website url> --enumerate vp

Check for all plugins

wpscan --url <website url> --enumerate ap

Check for popular plugins

wpscan --url <website url> --enumerate p

Check for vulnerable themes

wpscan --url <website url> --enumerate vt

Check for all themes

wpscan --url <website url> --enumerate at

Check for themes

wpscan --url <website url> --enumerate t

Check for Timthumbs

wpscan --url <website url> --enumerate tt

Check for DB exports

wpscan --url <website url> --enumerate dbe
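Once an enumeration pass finishes, the results are easier to triage from WPScan's JSON report (written with -f json -o report.json) than from the terminal output. The script below is an added example, not part of this post or of WPScan itself: it reads such a report, using a constructed sample whose key layout is an assumption, and lists which vulnerable plugins and themes still need an update on the site you maintain.

```python
import json

# Constructed sample shaped like a WPScan JSON report (wpscan ... -f json -o report.json);
# the key layout is an assumption made for this example, not output of a real scan.
SAMPLE_REPORT = json.dumps({
    "plugins": {
        "example-forms": {
            "version": {"number": "5.3.1"},
            "vulnerabilities": [
                {"title": "Example Forms < 5.3.2 - Unrestricted File Upload", "fixed_in": "5.3.2"},
                {"title": "Example Forms < 5.0 - Reflected XSS", "fixed_in": "5.0"},
            ],
        },
        "legacy-widget": {
            "version": None,  # WPScan could not fingerprint the version
            "vulnerabilities": [{"title": "Legacy Widget - Settings Change", "fixed_in": None}],
        },
    },
    "themes": {
        "example-theme": {
            "version": {"number": "1.6"},
            "vulnerabilities": [{"title": "Example Theme < 1.7 - Stored XSS", "fixed_in": "1.7"}],
        },
    },
})

def version_tuple(version):
    """'5.3.1' -> (5, 3, 1) so versions compare numerically rather than as strings."""
    return tuple(int(part) for part in version.split(".") if part.isdigit())

def triage(report_json):
    """One actionable finding per vulnerability that still affects the installed version."""
    report = json.loads(report_json)
    findings = []
    for kind in ("plugins", "themes"):
        for slug, data in report.get(kind, {}).items():
            installed = (data.get("version") or {}).get("number")
            for vuln in data.get("vulnerabilities", []):
                fixed = vuln.get("fixed_in")
                if installed and fixed and version_tuple(installed) >= version_tuple(fixed):
                    continue  # already patched: installed version is at or past fixed_in
                if not fixed:
                    action = "no fixed version published: disable or remove the component"
                elif not installed:
                    action = f"version not fingerprinted: confirm it is >= {fixed}"
                else:
                    action = f"update {installed} -> {fixed}"
                findings.append({"component": f"{kind[:-1]}/{slug}", "title": vuln["title"], "action": action})
    return findings
```

Point triage() at the contents of your own report.json; entries whose installed version is already at or past fixed_in are dropped so the list only shows what still needs action.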




This information is only for educational purpose and we are not responsible for any kind of illegal activity done by this tool.

Check out similar tools HERE.

Hope you have enjoyed reading this.
Leave a comment below


Comments

  1. I just wanted to say this is an elegantly composed article as we have seen here.
