WPScan – a utility for testing WordPress, searching for vulnerabilities.
Install the necessary components (for Ubuntu newer than 14.04):
sudo apt-get install libcurl4-openssl-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev git
Install the necessary components (for Ubuntu 14.04):
sudo apt-get install libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev git build-essential libgmp-dev
Download the WPScan files:
sudo git clone https://github.com/wpscanteam/wpscan.git
Go to the directory with the downloaded files and install the necessary ruby gems:
cd wpscan
gem install bundler
bundle install
Let’s see the help about WPScan:
ruby ./wpscan.rb --help
Update WPScan:
ruby ./wpscan.rb --update
Example of starting a simple test:
ruby ./wpscan.rb --url example.com
Example of starting password guessing:
ruby ./wpscan.rb --url example.com --wordlist pswd.txt --username admin --threads 30
Output detailed information to a file:
ruby ./wpscan.rb --url example.com --debug-output 2>debug.log
Starting using an HTTP proxy:
ruby ./wpscan.rb --url example.com --proxy 127.0.0.1:8080