WPScan is a non-commercial, free WordPress security scanner. It is a command-line interface (CLI) based. It is used by security professionals to test site security. WPScan is written using Ruby. The database used by the WPScan to check the target for known vulnerabilities is called wpvulndb.com. It is a Ruby application. One can use WPScan on Linux and macOS.
WPScan uses 3 types of enumeration modes:-
1. WordPress username enumeration and password cracking (brute force attack)
WPScan can also attempt to crack weak passwords. WPScan uses a password dictionary to crack weak passwords.
2. WordPress enumeration scans
In the enumeration, scan attackers try to confirm whether what they are targeting does exist on the target system or not. In the WPScan user, enumeration attackers try to detect the user exists on the website or not. Being a BlackBox scanner WPScan doesn’t have access to the source code. It uses enumeration techniques to find the information about the WordPress target.
Some of the most common enumeration scans does by the WPScan are:-
– WordPress user enumeration
– Detection of the version of WordPress, themes, and plugins
– It checks for the public accessible database exports and wp-config.php backups.
3. WordPress theme and plugin vulnerability detection
WPScan not only enumerates the versions of the theme and plugins but also checks for the version against the WordPress vulnerability database. WPScan also checks for the version of the WordPress on which website is running and the vulnerability present in that version so that you can update your WordPress to the latest version.
What WPScan checks for?
- The version of WordPress installed and any associated vulnerabilities
- What plugins are installed and any associated vulnerabilities
- What themes are installed and any associated vulnerabilities
- Username enumeration
- Users with weak passwords via password brute-forcing
- Backed up and publicly accessible wp-config.php files
- Database dumps that may be publicly accessible
- If error logs are exposed by plugins
- Media file enumeration
- If the WordPress readme file is present
- If user registration is enabled
- Full Path Disclose
- Upload directory listing
How To install WPScan in Kali Linux?
Usually, WPScan comes preinstalled on Kali Linux, but if you want to install it here we go.
Step 1: Install Git
sudo apt-get install git
Step 2: Installing dependencies for the latest Ruby development environment
sudo apt-get install git ruby ruby-dev libcurl4-openssl-dev m
Step 3: Install WPScan
git clone http://github.com/wpscanteam/wpscan.git
Step 4: Let change our directory to the WPscan directory
Step 5: To utilize the WPscan utility, you’ll need Bundler. WPScan is a Ruby application that makes use of ‘Gems’ as a programming language. Bundler will assist in keeping WPScan and all of its dependencies up to date.
sudo gem install bundler && bundle install --without test