WPScan is a blackbox WordPress vulnerability scanner
This project is maintained by the WPScan Team, which comprises @erwan_lr, @gbrindisi, @_FireFart_ & @ethicalhack3r.

WPScan is yet another great tool by Ryan Dewhurst (@ethicalhack3r) and the rest of his team. (@_wpscan_)

Although the image below shows no vulnerabilities, due to the hardened install of WP running this site, WPScan will try to identify plugins, themes and “interesting” bits of information regarding the WordPress site.

Instructions on downloading and installing WPScan can be found on their website over at http://wpscan.org/

WPScan also has the ability to brute-force the login portal. Although, and I shouldn’t have to say this but I will, performing this action against a domain that does not belong to you or without any prior authorisation is a criminal offence. Don’t do it! Not even once.

Typical uses of WPScan are:

Do ‘non-intrusive’ checks…
ruby wpscan.rb --url www.example.com

Do wordlist password brute force on enumerated users using 50 threads…
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50

Do wordlist password brute force on the ‘admin’ username only…
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin

Enumerate installed plugins…
ruby wpscan.rb --url www.example.com --enumerate p

Run all enumeration tools…
ruby wpscan.rb --url www.example.com --enumerate

Update WPScan…
ruby wpscan.rb --update
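
Seen from the server side, the brute-force and plugin-enumeration runs listed above show up as bursts of requests in the web server's access log. The following is an added example, not part of the original post or of WPScan: it flags clients by behaviour only, and the Combined Log Format, the thresholds, the function names and the sample lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD path HTTP/x" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
PLUGIN_RE = re.compile(r'^/wp-content/plugins/([^/?]+)/')

def find_scanners(lines, login_threshold=5, plugin_threshold=5):
    """Return {ip: set of reasons} for clients reaching either threshold."""
    login_posts = defaultdict(int)      # ip -> POSTs to wp-login.php
    missing_plugins = defaultdict(set)  # ip -> plugin slugs that returned 404
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path, status = m.groups()
        if method == "POST" and path.split("?", 1)[0] == "/wp-login.php":
            login_posts[ip] += 1
        pm = PLUGIN_RE.match(path)
        if pm and status == "404":
            missing_plugins[ip].add(pm.group(1))
    findings = defaultdict(set)
    for ip, count in login_posts.items():
        if count >= login_threshold:
            findings[ip].add("login-bruteforce")
    for ip, slugs in missing_plugins.items():
        if len(slugs) >= plugin_threshold:
            findings[ip].add("plugin-enumeration")
    return dict(findings)

def sample_log():
    """Constructed sample data (documentation IP ranges), not real traffic."""
    fmt = '{ip} - - [01/Jan/2024:10:00:{s:02d} +0000] "{m} {p} HTTP/1.1" {st} 512 "-" "-"'
    lines = []
    # 198.51.100.7: six login POSTs in six seconds
    lines += [fmt.format(ip="198.51.100.7", s=i, m="POST", p="/wp-login.php", st=200)
              for i in range(6)]
    # 203.0.113.9: probes for six plugin directories that do not exist
    lines += [fmt.format(ip="203.0.113.9", s=i, m="GET",
                         p=f"/wp-content/plugins/plugin-{i}/", st=404) for i in range(6)]
    # 192.0.2.10: ordinary visitor, one login and one installed plugin asset
    lines.append(fmt.format(ip="192.0.2.10", s=30, m="POST", p="/wp-login.php", st=302))
    lines.append(fmt.format(ip="192.0.2.10", s=31, m="GET",
                            p="/wp-content/plugins/plugin-0/style.css", st=200))
    return lines

if __name__ == "__main__":
    for ip, reasons in sorted(find_scanners(sample_log()).items()):
        print(ip, ", ".join(sorted(reasons)))
```

The counts are taken over whatever lines are passed in, so feed it one time window at a time (for example, one minute of log) and tune the thresholds to the site's normal traffic.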

WPScan comes pre-installed on the top Linux distributions for penetration testing such as:
  • BackBox Linux
  • BackTrack Linux
  • Pentoo
  • SamuraiWTF
Windows is currently not supported. However, it is still to be tested on a Windows environment running Cygwin. If you have got this method to work then please do let me or a member of the WPScan team know and the documentation can be updated.

I am currently working on a front end to WPScan. Once this is complete, I will upload a post about it.
So to finish off, I recommend checking this script out and following the guys on Twitter to stay up to date with the project.

