WPScan is a WordPress vulnerability scanner written in Ruby. It detects common security vulnerabilities and lists the plugins used by a website running WordPress. WPScan is pre-installed in Kali Linux.
WPScan is a useful tool if you want to find out how a WordPress site could be exploited, as it does all of the following:
- Username enumeration (Checks the ‘author’ query-string and the location header).
- Weak password cracking (This can be multi-threaded and supplied with a password list of your choosing).
- Version enumeration (Finds what version of WordPress they are running by checking meta tags and client side files).
- Vulnerability enumeration (Based on what version they are running).
- Timthumb file enumeration (Checks for the Timthumb exploit).
- Plugin enumeration (See what plugins they are running).
- Plugin vulnerability enumeration (Tells you which, if any, plugins are vulnerable to exploits).
- Theme enumeration (What theme are they running. Sometimes you can find exploits in the theme).
- Readme.html enumeration (Sometimes useful because you will see what is needed for that theme. Helps you find out what they are running, e.g. “This theme require PHP 5”).
- Directory listing (Helps footprint the WordPress installation).
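The username enumeration in the list above (the 'author' query-string and the Location header) leaves a recognisable trace in web server access logs: one client requesting many distinct ?author=N values. The following Python detector is an added example, not part of the original post or of WPScan; the log lines are constructed, and the function name and the threshold of 5 distinct IDs are assumptions.

```python
import re
from collections import defaultdict

# Constructed access-log lines (combined log format); not real traffic.
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - - [10/Mar/2014:10:00:0{i} +0000] "GET /?author={i} HTTP/1.1" '
     f'{301 if i <= 3 else 404} 0 "-" "-"' for i in range(1, 7)]
    + ['198.51.100.20 - - [10/Mar/2014:10:05:00 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "Mozilla/5.0"',
       '198.51.100.20 - - [10/Mar/2014:10:05:09 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
       'truncated or malformed line']
)

# client IP, request path and status code from a combined-format line
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# numeric author id anywhere in the query string
AUTHOR_RE = re.compile(r'[?&]author=(\d+)(?:&|$)')


def find_author_enumeration(log_text, min_ids=5):
    """Flag clients that requested at least min_ids distinct ?author=N values.

    Returns {ip: {"ids": [...], "redirected": n}}, where n is the number of
    probed ids answered with a 3xx, i.e. the Location header exposed a slug.
    """
    probed = defaultdict(set)
    redirected = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        a = AUTHOR_RE.search(m.group("path"))
        if not a:
            continue  # not an author-archive probe
        author_id = int(a.group(1))
        probed[m.group("ip")].add(author_id)
        if m.group("status").startswith("3"):
            redirected[m.group("ip")].add(author_id)
    return {
        ip: {"ids": sorted(ids), "redirected": len(redirected[ip])}
        for ip, ids in probed.items()
        if len(ids) >= min_ids  # a single author-link click stays below this
    }


if __name__ == "__main__":
    for ip, hit in find_author_enumeration(SAMPLE_LOG).items():
        print(ip, hit)
```

A 3xx response to ?author=N is the case where the Location header carries the author slug, so the redirected count estimates how many usernames were exposed to that client.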
To start WPScan, click on Applications --> Kali Linux --> Web Applications --> Web Vulnerability Scanners --> wpscan.
Now, to scan a WordPress site for exploitable plugins, let's pick a WordPress site, e.g. http://www.cretan-snails.com. In the root terminal window, type:
root@kali:~# ruby /usr/bin/wpscan --url http://www.cretan-snails.com
(A)
(B)
From the above screenshots, we found that there is 1 vulnerability and 13 plug-ins from passive detection. To find WordPress usernames, type:
root@kali:~# wpscan --url http://www.cretan-snails.com --enumerate user
(C)
(D)
The above screenshot reveals that there are 10 WordPress usernames from http://www.cretan-snails.com
Has there been any update tutorials for WPScan? I'd like to use it for scraping WordPress sites