Wednesday 1 May 2013

WPScan in Kali Linux

WPScan is a WordPress vulnerability scanner written in Ruby. It can detect common security vulnerabilities and list the plugins used by a website running WordPress. WPScan is pre-installed in Kali Linux.

WPScan is a handy tool for finding out how a WordPress site could be exploited, since it does all of this:
  • Username enumeration (checks the ‘author’ query-string and the Location header).
  • Weak password cracking (can be multi-threaded and supplied with a password list of your choosing).
  • Version enumeration (finds which version of WordPress the site runs by checking meta tags and client-side files).
  • Vulnerability enumeration (based on the version the site is running).
  • Timthumb file enumeration (checks for the Timthumb exploit).
  • Plugin enumeration (see which plugins the site is running).
  • Plugin vulnerability enumeration (tells you which plugins, if any, are vulnerable to known exploits).
  • Theme enumeration (which theme the site is running; sometimes you can find exploits in the theme).
  • Readme.html enumeration (sometimes useful because it shows what the theme requires and so helps you find out what the site is running, e.g. “This theme requires PHP 5”).
  • Directory listing (helps footprint the WordPress installation).
To start WPScan, click on Applications--> Kali Linux--> Web Applications--> Web Vulnerability Scanners--> wpscan

Now, to scan a WordPress site for plugins that might be exploitable, pick any WordPress site, e.g. http://www.cretan-snails.com, and type the following in the root terminal window:

root@kali:~# ruby /usr/bin/wpscan --url http://www.cretan-snails.com

(Screenshot A: wpscan output, part 1)

(Screenshot B: wpscan output, part 2)

From the above screenshots, we found that there is 1 vulnerability and 13 plug-ins from passive detection. To find WordPress usernames, type:

root@kali:~# wpscan --url http://www.cretan-snails.com --enumerate user

(Screenshot C: user enumeration output, part 1)

(Screenshot D: user enumeration output, part 2)

The above screenshots reveal that there are 10 WordPress usernames on http://www.cretan-snails.com.
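The username enumeration listed above works by sweeping ?author=N and watching for redirects, and the readme.html check is a plain file fetch; both leave a distinctive trace in the web server's access log. The following is an added example (not part of the original post or of WPScan itself) that parses constructed Apache combined-format log lines and flags clients whose request pattern looks like that reconnaissance. The sample log lines, IP addresses and the threshold are assumptions made for the demonstration.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

# Constructed sample access log (Apache combined format): one client sweeping
# ?author=1..4 and fetching readme.html, one client with ordinary traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/May/2013:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
203.0.113.7 - - [01/May/2013:10:00:02 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
203.0.113.7 - - [01/May/2013:10:00:03 +0000] "GET /?author=3 HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.7 - - [01/May/2013:10:00:04 +0000] "GET /?author=4 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
203.0.113.7 - - [01/May/2013:10:00:05 +0000] "GET /readme.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.2 - - [01/May/2013:10:01:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
198.51.100.2 - - [01/May/2013:10:01:05 +0000] "GET /about/ HTTP/1.1" 200 8000 "-" "Mozilla/5.0"
"""

# Captures client IP, request method/path, status code and user agent.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None  # skip lines that are not in combined format
    return m.groupdict()

def detect_enumeration(log_text, author_threshold=3):
    """Return {ip: [reasons]} for clients that swept >= author_threshold distinct
    ?author= ids or fetched readme.html (the WPScan probes described above)."""
    authors = defaultdict(set)  # ip -> set of distinct author ids requested
    readme = set()              # ips that fetched readme.html
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        url = urlparse(rec["path"])
        qs = parse_qs(url.query)
        if "author" in qs:
            authors[rec["ip"]].update(qs["author"])
        if url.path.lower().endswith("/readme.html"):
            readme.add(rec["ip"])
    findings = {}
    for ip in set(authors) | readme:
        reasons = []
        if len(authors[ip]) >= author_threshold:
            reasons.append(f"author sweep ({len(authors[ip])} ids)")
        if ip in readme:
            reasons.append("readme.html fetch")
        if reasons:  # a single ?author=1 visit from a normal browser is not flagged
            findings[ip] = reasons
    return findings
```

A single ?author= request from a normal visitor stays below the threshold, so only the sweeping client is reported; the same logic can be run over a real log file by passing its contents to detect_enumeration.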

2 comments:

  1. Has there been any update tutorials for WPScan? I'd like to use it for scraping WordPress sites
