Quick Tutorial: WPScan WordPress Security Scanner tool
This tutorial covers the usage of WPScan, a WordPress security scanner. WordPress is one of the most popular content management systems; almost 30 percent of websites in the world use it. WPScan is a Ruby-based command-line tool backed by a database of more than 23,000 WordPress vulnerabilities (the WPScan Vulnerability Database, which covers WordPress core as well as plugins and themes).
WPScan comes pre-installed on most penetration-testing Linux distributions (Kali Linux, Parrot, etc.). On any system with Ruby it can be installed as a gem:
gem install wpscan
It can also be installed from source by cloning the project's GitHub repository.
Why is WordPress popular among bloggers?
The simple answer is that building a website in WordPress is very easy: almost any type of site can be put together from the available plugins and themes. WordPress core also ships security updates regularly. The flip side, from a security perspective, is that a typical site runs many third-party plugins and themes that are updated far less consistently, and that is exactly the surface WPScan enumerates.
Usage of WPScan Tool
What types of issues does WPScan identify?
The tool runs a range of checks that identify the following:
- The WordPress core version, and the known vulnerabilities for that version
- Installed plugins and themes (all, popular, or only the vulnerable ones), with their known vulnerabilities
- Valid usernames, and weak passwords via brute force
- Backup copies of wp-config.php left in the web root
- Exposed database dumps
- Exposed error logs
- Uploaded media files, and more
(1) First Scan
Start your first scan by passing the target WordPress site with --url:
wpscan --url https://<url>
With no enumeration options this fingerprints the site (WordPress version, active theme, interesting headers and files) together with the default plugin and config-backup checks; the options below go deeper.
(2) Check popular themes
Identify popular themes on the target site and check them for known vulnerabilities with the enumerate option (-e t, short for --enumerate t; note that -t on its own means --max-threads):
wpscan --url https://<url> -e t
(3) Use a WPScan API token to display vulnerability data
On its own WPScan only reports version numbers; the vulnerability details come from the WPScan Vulnerability Database API. Register on the WPScan website to obtain a token (the free tier has a limited daily request quota) and pass it with --api-token:
wpscan --url https://<url> --api-token <token>
Without a token, the vulnerable-plugin and vulnerable-theme enumeration options below still list components but cannot tell you which of them are actually vulnerable.
(4) Brute force passwords
This identifies users with weak passwords by brute force. Supply a wordlist with --passwords (short form -P); if no --usernames (-U) list is given, WPScan attacks the users it enumerates:
wpscan --url https://<url> --usernames admin --passwords <path-of-password-file>
A password attack is noisy, can trigger account lockouts or IP bans on the target, and should only be run within the agreed scope of an engagement.
(5) Update the scanner
Update WPScan's local vulnerability data (do this before every assessment):
wpscan --update
(6) Scan vulnerable themes
Enumerate themes and report only those with known vulnerabilities (the vulnerability data requires an API token):
wpscan --url https://<url> -e vt
(7) Scan vulnerable plugins
Enumerate plugins and report only those with known vulnerabilities:
wpscan --url https://<url> -e vp
The enumeration choices can be combined in one run, for example -e vp,vt,u.
(8) Identify the version of WPScan
Print the installed WPScan version:
wpscan --version
(9) Use a random user agent
Send each request with a randomly chosen User-Agent header instead of the default WPScan one, which identifies the scanner and is easily blocked by a web application firewall:
wpscan --url https://<url> --random-user-agent
(10) User enumeration
Enumerate valid usernames on the target site (WPScan collects them from author archives, the REST API users endpoint and similar sources); these are the accounts a password attack will target:
wpscan --url https://<url> -e u
WPScan is a powerful tool that produces a clear report to start an application security assessment of a WordPress site. It is well worth adding to your arsenal when assessing the security of WordPress applications.
Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.