Trying WPScan, a black box WordPress vulnerability scanner
I just found a great tool to scan my wordpress sites for vulnerability, WPScan. WPScan is a blackbox scanner which means that you can install it on your computer and scan remote wordpress servers.
To install WPScan on my Ubuntu 14.04 server, I ran these command lines:
$ sudo apt-get install libcurl4-gnutls-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential
$ git clone https://github.com/wpscanteam/wpscan.git
$ cd wpscan
$ sudo gem install bundler && bundle install --without test
Then, tried some of these features:
1. Simple check:
$ ruby wpscan.rb --url www.mywordpress.com
2. Do a wordlist password brute force on all the users:
$ ruby wpscan.rb --url www.mywordpress.com --wordlist darkc0de.txt
Notes: you can download the sample wordlist file here.
for more scanning methods, please read the WPScan's official website.
To install WPScan on my Ubuntu 14.04 server, I ran these command lines:
$ sudo apt-get install libcurl4-gnutls-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential
$ git clone https://github.com/wpscanteam/wpscan.git
$ cd wpscan
$ sudo gem install bundler && bundle install --without test
Then, tried some of these features:
1. Simple check:
$ ruby wpscan.rb --url www.mywordpress.com
2. Do a wordlist password brute force on all the users:
$ ruby wpscan.rb --url www.mywordpress.com --wordlist darkc0de.txt
Notes: you can download the sample wordlist file here.
for more scanning methods, please read the WPScan's official website.
Comments
Post a Comment