Find WordPress Security Vulnerabilities with WPScan

WPScan is a black box WordPress security scanner, free for non-commercial use, written for security professionals and blog maintainers to test the security of their own sites.

In this article, we’re going to install and use WPScan hacking tool. Let’s get started:

Table of Contents

  1. Installation
  2. Usage
  3. Examples

Installation

WPScan comes pre-installed in Kali Linux. We can easily install WPScan on other distros. Run these commands to install WPScan:

sudo apt install patch build-essential zlib1g-dev liblzma-dev ruby-dev
sudo gem install nokogiri
sudo gem install wpscan

# Or

git clone https://github.com/wpscanteam/wpscan
cd wpscan/
bundle install && rake install

Usage

Type this command to see all available options:

wpscan -h

The output looks like:

Examples

Perform a scan of your website:

wpscan --url http://example.com --rua

Here, --rua (short for --random-user-agent) makes WPScan send a randomly chosen User-Agent header instead of its default one.

Find vulnerable plugins & themes:

# plugins
wpscan --url http://example.com --rua --enumerate ap

# themes
wpscan --url http://example.com --rua --enumerate at

Try to find users:

wpscan --url http://example.com --rua --enumerate u
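The enumeration runs above tell you which plugins, themes and users WPScan found, but the real work for a site maintainer is turning that into a patch list. The following Python script is an added example, not code from the article or from the WPScan project: it runs the same enumeration with WPScan's JSON output (`-f json -o report.json`) and reduces the report to "what do I update, and to which version", plus the usernames that were exposed. The JSON layout it relies on (top-level "version", "plugins", "themes" and "users" objects, each component carrying "version" and "vulnerabilities" with a "fixed_in" field) reflects WPScan's JSON format as I know it, but treat it as an assumption and check it against a report from your own scan. The embedded report is constructed sample data so the script runs offline.

```python
"""Turn a WPScan JSON report into a remediation list.

Added example, not part of the original article or of WPScan itself.
Assumes the report was produced with:
    wpscan --url <site> --rua --enumerate ap,at,u -f json -o report.json
The JSON layout used below is an assumption about WPScan's format.
"""
import json
import subprocess
from typing import Any, Dict, List, Optional

# Constructed sample report (not real scan output) carrying only the fields we use.
SAMPLE_REPORT = json.loads("""
{
  "target_url": "http://example.com/",
  "version": {
    "number": "5.2.3",
    "status": "insecure",
    "vulnerabilities": [
      {"title": "WordPress < 5.2.4 - constructed core issue", "fixed_in": "5.2.4"}
    ]
  },
  "plugins": {
    "sample-gallery": {
      "slug": "sample-gallery",
      "version": {"number": "1.4.0"},
      "vulnerabilities": [
        {"title": "Sample Gallery < 1.4.2 - constructed issue A", "fixed_in": "1.4.2"},
        {"title": "Sample Gallery < 1.4.10 - constructed issue B", "fixed_in": "1.4.10"}
      ]
    },
    "akismet": {"slug": "akismet", "version": {"number": "4.1.2"}, "vulnerabilities": []}
  },
  "themes": {
    "sample-theme": {
      "slug": "sample-theme",
      "version": null,
      "vulnerabilities": [{"title": "Sample Theme - constructed issue", "fixed_in": null}]
    }
  },
  "users": {"admin": {"id": 1}, "editor": {"id": 2}}
}
""")


def version_key(ver: str):
    """Sort key so that 1.4.10 > 1.4.2 (a plain string sort gets this wrong)."""
    return tuple(int(p) if p.isdigit() else 0 for p in ver.split("."))


def run_wpscan(url: str, report_path: str = "report.json") -> Dict[str, Any]:
    """Scan a site you administer and load the JSON report.
    Requires wpscan on PATH; not exercised by the offline demo below."""
    subprocess.run(
        ["wpscan", "--url", url, "--rua", "--enumerate", "ap,at,u",
         "-f", "json", "-o", report_path],
        check=False,  # a non-zero exit code does not necessarily mean the scan failed
    )
    with open(report_path, encoding="utf-8") as fh:
        return json.load(fh)


def _action(name: str, installed: Optional[str], vulns: List[Dict[str, Any]]) -> Dict[str, Any]:
    """Pick the highest fixed_in version; None means no fixed release is known."""
    fixed = [v["fixed_in"] for v in vulns if v.get("fixed_in")]
    target = max(fixed, key=version_key) if fixed else None
    return {
        "name": name,
        "installed": installed,
        "issues": len(vulns),
        "update_to": target,
        "action": f"update to {target}" if target else "no fix published: disable or replace",
    }


def remediation_plan(report: Dict[str, Any]) -> Dict[str, Any]:
    """Reduce a report to what a site maintainer has to act on."""
    plan: Dict[str, Any] = {"core": None, "components": [], "exposed_users": []}

    core = report.get("version") or {}
    core_vulns = core.get("vulnerabilities") or []
    if core_vulns:
        plan["core"] = _action("wordpress", core.get("number"), core_vulns)

    for kind in ("plugins", "themes"):
        for slug, info in (report.get(kind) or {}).items():
            vulns = info.get("vulnerabilities") or []
            if not vulns:
                continue  # detected, but no known issue: nothing to do
            installed = (info.get("version") or {}).get("number")
            plan["components"].append(_action(f"{kind[:-1]}:{slug}", installed, vulns))

    # Every username WPScan could enumerate is a login worth protecting (MFA, lockout).
    plan["exposed_users"] = sorted((report.get("users") or {}).keys())
    return plan


if __name__ == "__main__":
    # Offline demo on the constructed sample; use run_wpscan("http://example.com")
    # instead to build the plan from a real report of your own site.
    print(json.dumps(remediation_plan(SAMPLE_REPORT), indent=2))
```

Components with no vulnerabilities are dropped from the plan, a component whose version WPScan could not determine keeps `installed: None` so you know to verify it by hand, and a vulnerability without a `fixed_in` value is flagged for removal rather than an update.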

Perform a brute-force attack: download a password dictionary (for example from GitHub) and then run the attack.

Download password dictionaries:

sudo apt install wordlists
ls /usr/share/wordlists/rockyou.txt.gz
sudo gzip -d /usr/share/wordlists/rockyou.txt.gz
ls -la /usr/share/wordlists/rockyou.txt

Run attack:

wpscan --url http://example.com --rua -P /usr/share/wordlists/rockyou.txt -U admin,admin2

That’s it. Thanks for reading.