WPScan installation on Ubuntu
Install packages
apt-get install git
apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
apt-get zliblg-dev liblzma-dev
Use git to clone branch of WPScan
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test development
Lunch it with ruby and check usage options
ruby wpscan.rb
To update WPSca
git pull
WPScan Scanning for Vulnerabilities
Quick Scan
ruby wpscan.rb --url http://wpsite.com
Vulnerable Plugins Scan
ruby wpscan.rb --url http://wpsite.com --enumerate vp
Vulnerable Themes Scan
ruby wpscan.rb --url http://wpsite.com --enumerate vt
User Enumeration Scan
ruby wpscan.rb --url http://wpsite.com --enumerate u
Password Scan
ruby wpscan.rb --url http://wpsite.com --wordlist passwords.txt threads 100
*password.txt is not part of the source, you can download dictionary file from many places.. for example: https://github.com/danielmiessler/SecLists/tree/master/Passwords
More information about the tool can be found here https://wpscan.org/.
0 comments:
Post a Comment