Quick Tutorial: WPScan WordPress Security Scanner tool

This tutorial covers the usage of WPScan, a WordPress security scanner. WordPress is one of the most popular content management systems, and almost 30 percent of websites in the world use it. WPScan is a Ruby-based CLI tool and has a database of more than 23,000 WordPress vulnerabilities.

WPScan is pre-installed on several penetration-testing Linux distributions (Kali Linux, Parrot, etc.). On other systems, it can be installed with the command below:

gem install wpscan

You can also download and install WPScan from its GitHub repository:

https://github.com/wpscanteam/wpscan

WordPress is popular because website development with it is very easy. You can develop almost any type of website by using the available plugins and themes. WordPress is also quite active in providing regular security updates.

WPScan Tool

Usage of WPScan Tool

What types of issues are identified by WPScan?

This tool can perform many tests, which identify the following:

  • WordPress version identification
  • Identification of installed plugins and themes
  • Username and password identification using brute force
  • Find wp-config files
  • Find database dumps
  • Find exposed error logs
  • Enumeration of media files, etc.

Usage Examples

(1) First Scan

You can start your first scan by using --url with the target WordPress website.

wpscan --url https://<url>

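(2) Scan popular themes

Identify popular themes on the WordPress website and scan for associated vulnerabilities using the --enumerate t option. (The -t short option sets the number of threads, not theme enumeration.)

wpscan --url https://<url> --enumerate t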

(3) Use the WPScan API token to display vulnerability data

You need to register on the WPScan website to obtain an API token.

wpscan --url https://<url> --api-token <token>

(4) Bruteforce passwords

This identifies users with weak passwords via brute force.

wpscan --url https://<url> --passwords <path-of-password-file>

(5) Update the Scanner

You can update the WPScan vulnerability database by using --update.

wpscan --update

(6) Scan vulnerable themes

Use this option to identify vulnerable themes.

wpscan --url https://<url> --enumerate vt

(7) Scan vulnerable plugins

Use this option to identify vulnerable plugins in WordPress websites.

wpscan --url https://<url> --enumerate vp

(8) Identify the version of WPScan

This option is used to identify the version of WPScan.

wpscan --version

(9) Use a random user agent to scan

This option uses a random user agent for each scan of the WordPress URL.

wpscan --url https://<url> --random-user-agent

(10) User enumeration

This option lets you enumerate users on the WordPress website.

wpscan --url https://<url> --enumerate u
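The scans in (6) and (7) can be saved with --format json and --output and then turned into a patch list for the site owner. The sketch below is an added example, not code from the original article or the WPScan project; the report layout it reads and every value in SAMPLE_REPORT are assumptions constructed for illustration.

```python
import json

# Constructed sample shaped like a `wpscan --format json` report. Assumed layout:
# "version", "main_theme" and slug-keyed "plugins"/"themes", each carrying a
# "vulnerabilities" list. All slugs, titles and versions are made up.
SAMPLE_REPORT = json.dumps({
    "target_url": "https://blog.example.test/",
    "version": {"number": "5.0.0", "vulnerabilities": [
        {"title": "Constructed core issue", "fixed_in": "5.0.1"}]},
    "main_theme": {"slug": "demo-theme", "version": {"number": "1.2"},
                   "vulnerabilities": []},
    "plugins": {
        "demo-forms": {"version": {"number": "2.3"}, "vulnerabilities": [
            {"title": "Constructed plugin issue A", "fixed_in": "2.4"},
            {"title": "Constructed plugin issue B", "fixed_in": None}]},
        "demo-cache": {"version": None, "vulnerabilities": []},
    },
})


def _findings(kind, name, item):
    """Yield one row per vulnerability listed for a component."""
    installed = ((item or {}).get("version") or {}).get("number") or "unknown"
    for vuln in (item or {}).get("vulnerabilities") or []:
        fixed = vuln.get("fixed_in")  # absent/None: no patched release known
        yield {"component": f"{kind}:{name}", "installed": installed,
               "title": vuln.get("title", "untitled"),
               "action": f"update to {fixed}" if fixed else "no fix listed"}


def patch_list(report_text):
    """Flatten a report into a de-duplicated patch list, unfixable items first."""
    report = json.loads(report_text)
    core = report.get("version") or {}
    rows = list(_findings("core", "wordpress", {
        "version": core, "vulnerabilities": core.get("vulnerabilities")}))
    theme = report.get("main_theme") or {}
    rows += _findings("theme", theme.get("slug", "unknown"), theme)
    for kind in ("plugins", "themes"):
        for slug, item in (report.get(kind) or {}).items():
            rows += _findings(kind[:-1], slug, item)
    unique = {(r["component"], r["title"]): r for r in rows}.values()
    return sorted(unique, key=lambda r: (r["action"] != "no fix listed",
                                         r["component"], r["title"]))


if __name__ == "__main__":
    for row in patch_list(SAMPLE_REPORT):
        print(f"{row['component']:<20}{row['installed']:<9}"
              f"{row['action']:<18}{row['title']}")
```

Components with no fixed release sort to the top because they need a decision (disable or replace) rather than a routine update.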

Conclusion

WPScan is a powerful tool that produces a useful report as a starting point for securing a WordPress website. It is recommended to add this tool to your arsenal for assessing the security of WordPress applications.


Disclaimer: This tutorial is for educational purposes only. Each individual is solely responsible for any illegal act.
