Installing and using WPScan on Linux

WPScan is a utility for testing WordPress sites and searching them for vulnerabilities.

Install the necessary components (for Ubuntu newer than 14.04):

sudo apt-get install libcurl4-openssl-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev git

Install the necessary components (for Ubuntu 14.04):

sudo apt-get install libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev git build-essential libgmp-dev

Download the WPScan files:

sudo git clone https://github.com/wpscanteam/wpscan.git

Go to the directory with the downloaded files and install the necessary ruby gems:

cd wpscan
gem install bundler
bundle install

View the WPScan help:

ruby ./wpscan.rb --help

Update WPScan:

ruby ./wpscan.rb --update

Example of starting a simple test:

ruby ./wpscan.rb --url example.com

Example of starting password guessing:

ruby ./wpscan.rb --url example.com --wordlist pswd.txt --username admin --threads 30

Output detailed information to a file:

ruby ./wpscan.rb --url example.com --debug-output 2>debug.log

Run a scan through an HTTP proxy:

ruby ./wpscan.rb --url example.com --proxy 127.0.0.1:8080
