WPScan is a black box vulnerability scanner for WordPress written in PHP. It mainly focuses on different types of vulnerabilities in WordPress, WordPress themes, and plugins. The WPScan tool is installed by default in Kali Linux, SamuraiWTF, Pentoo, BlackArch, and BackBox Linux. WPScan uses a database of all the available plugins and themes (approximately over 18000 plugins and 2600 themes) during testing against the target to find outdated versions and vulnerabilities.
Things WPScan can do for you:
- Detect the version of the currently installed WordPress.
- Detect sensitive files like readme, robots.txt, database replacing files, etc.
- Detect enabled features on the currently installed WordPress.
- Enumerate theme version and name.
- Detect installed plugins and tell you whether they are outdated or not.
- Enumerate user names.
Let’s start.
Go to your Kali Linux terminal and type:
cd /usr/share/wpscan
This changes your working directory to the wpscan directory so you can run its scripts. Now simply type in the terminal:
wpscan
WPScan has many scripts that produce different results. Let’s start with a simple non-intrusive scan. Type in the terminal:
ruby ./wpscan.rb --url www.example.com
WPScan is a great tool for scanning WordPress websites. Next we will run some basic scans, using the enumerate option to find information about themes, plugins, usernames, etc.
To find installed plugins on our target’s WordPress website, type in terminal:
ruby ./wpscan.rb --url www.example.com --enumerate p
(Instead of “www.example.com”, type the name of the website you want to scan. Here we are using the Ruby script with the enumerate option, and the final ‘p’ means plugins.)
Finally, after a few seconds, you will get the result of installed plugins. You can see that in my scan result 4 installed plugins are detected and 3 of them are outdated, which means it may be possible to find exploits for the outdated version of a plugin.
Now to detect which theme is installed in WordPress website type:
ruby ./wpscan.rb --url www.example.com --enumerate t
(Here ‘t’ means theme.)
After a few seconds, the result shows which theme your target is using on their WordPress website.
Now to detect user names type:
ruby ./wpscan.rb --url www.example.com --enumerate u
(Here ‘u’ means user.)
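From the site owner's side, the three enumerate scans above leave recognisable traces in the web server access log. The following is an added example, not part of the original post or of WPScan: it assumes combined-format logs, that plugin and theme enumeration shows up as 404s on many distinct `/wp-content/plugins/` or `/wp-content/themes/` slugs, and that user enumeration shows up as `?author=N` requests; the log lines, IPs, User-Agent value and thresholds are constructed.

```python
import re
from collections import defaultdict

# Constructed access-log lines (combined format, documentation-range IPs, placeholder User-Agent).
SAMPLE_LOG = '''\
198.51.100.7 - - [10/Mar/2015:10:00:01 +0000] "GET /wp-content/plugins/plugin-a/ HTTP/1.1" 404 162 "-" "WPScan v0.0 (constructed)"
198.51.100.7 - - [10/Mar/2015:10:00:01 +0000] "GET /wp-content/plugins/plugin-b/ HTTP/1.1" 404 162 "-" "WPScan v0.0 (constructed)"
198.51.100.7 - - [10/Mar/2015:10:00:02 +0000] "GET /wp-content/plugins/plugin-c/ HTTP/1.1" 404 162 "-" "WPScan v0.0 (constructed)"
198.51.100.7 - - [10/Mar/2015:10:00:03 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "WPScan v0.0 (constructed)"
198.51.100.7 - - [10/Mar/2015:10:00:03 +0000] "GET /?author=2 HTTP/1.1" 404 0 "-" "WPScan v0.0 (constructed)"
192.0.2.55 - - [10/Mar/2015:11:00:01 +0000] "GET /wp-content/themes/theme-a/style.css HTTP/1.1" 404 162 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Mar/2015:11:00:01 +0000] "GET /wp-content/themes/theme-b/style.css HTTP/1.1" 404 162 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Mar/2015:11:00:02 +0000] "GET /wp-content/themes/theme-c/style.css HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.20 - - [10/Mar/2015:12:00:00 +0000] "GET /wp-content/plugins/akismet/style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.20 - - [10/Mar/2015:12:00:05 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
'''
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$')
AUTHOR_RE = re.compile(r'[?&]author=(\d+)')
ASSET_RE = re.compile(r'^/wp-content/(plugins|themes)/([^/?]+)')

def detect_enumeration(log_text, min_slugs=3, min_authors=2):
    """Return {client_ip: [reasons]} for clients whose requests look like enumeration."""
    stats = defaultdict(lambda: {"plugins": set(), "themes": set(), "authors": set(), "ua": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, path, status, ua = m.groups()
        seen = stats[ip]
        seen["ua"] = seen["ua"] or "wpscan" in ua.lower()  # weak signal: the header is client-controlled
        author = AUTHOR_RE.search(path)
        if author:
            seen["authors"].add(author.group(1))
        asset = ASSET_RE.match(path)
        if asset and status == "404":  # guesses at slugs that are not installed
            seen[asset.group(1)].add(asset.group(2))
    findings = {}
    for ip, seen in stats.items():
        checks = [("scanner-user-agent", seen["ua"]),
                  ("plugin-enumeration", len(seen["plugins"]) >= min_slugs),
                  ("theme-enumeration", len(seen["themes"]) >= min_slugs),
                  ("user-enumeration", len(seen["authors"]) >= min_authors)]
        reasons = [name for name, hit in checks if hit]
        if reasons:
            findings[ip] = reasons
    return findings

if __name__ == "__main__":
    print(detect_enumeration(SAMPLE_LOG))
```

The second client is flagged on request pattern alone, which is why the User-Agent check is only one signal among several; tune both thresholds against your own traffic.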
AUTHOR: Akshay Bhardwaj is a passionate Hacker, Information Security Enthusiast and Researcher | Sketch Artist | Technical writer.
The post Vulnerability Scanning in WordPress Site using WPScan appeared first on Hacking Articles.