WPScan: How to install and Find WordPress Vulnerability

What is WPScan?


1. What is WPScan?

WPScan is a tool that is used to scan the WordPress website for Vulnerabilities. In this article, I am going to tell you. How to install and find Vulnerabilities in your WordPress site using WPScan.

WordPress is one of the platforms most commonly used for website development, currently, thousands of websites on the Internet use WordPress.

Using WordPress is a great advantage because it is free and practical, but we must be aware of the platform's security, because remember that it is an Open Source platform, where everyone has access to the source code, thus being able to exploit security flaws.

To keep your WordPress safe we ​​recommend reading this article:

How to secure your WordPress website

Now let's move on to the more “fun” part, exploiting flaws and vulnerabilities in WordPress, so we will use the WPScan tool that is available by default on several Linux distributions for Pentest and can also be installed on Windows and other Linux distributions that are not targeted to perform intrusion testing.

The great strength of the tool alone is due to the fact that it lists themes, versions, plugins, subdomains, users, vulnerabilities, and application passwords in WordPress. It sounds like a joke, but thousands of sites are vulnerable.

2. Installation of WPScan

So let's get started with WPScan Installation.

2.1 Installing WPScan on Ubuntu and Kali Linux

Open your Terminal and type the following commands:

sudo apt update (For updating Repositories)

sudo apt install curl git libcurl4-openssl-dev make zlib1g-dev gawk g++ gcc libreadline6-dev libssl-dev libyaml-dev libsqlite3-dev sqlite3 autoconf libgdbm-dev libncurses5-dev automake libtool bison pkg-config ruby ruby-bundler ruby-dev -y (This is for installing dependencies)


Now install WpScan using Ruby's gem installer

gem install wpscan

Hence the installation of WpScan in Ubuntu and Kali Linux gets completed.

2.2 Installing WpScan in Termux Android

Open your Termux app and type the following commands:

pkg install ruby

gem install wpscan

wpscan -h (for usage command)

Hence the installation of WPScan in Termux android is completed.

2.3 Installing WpScan in macOS


 brew install ruby

gem install wpscan

Hence the installation of WPScan in macOS is completed.

2.4 Installing WpScan in Windows

Go to the official website of ruby by clicking below and download the Ruby installer for windows.


Now open your cmd and type the following command:

gem install wpscan

Done. Installation of WpScan on windows is completed.

3. Using WpScan Scanning a WordPress site for vulnerabilities 

wpscan

With this action, we will find a list of potentially exploitable vulnerabilities in our WordPress, either in the core of it, in the themes, or in the plugins.

For this we will execute the command:

wpscan --url <YOUR WEBSITE HERE>

Note: Replace <YOUR WEBSITE HERE> with URL of the website that you want to test.

wordpress vulnerability

As we can see, we have found different items with potential vulnerabilities that could be used by an attacker to compromise our WordPress.


  • XMLRPC.php (XML-RPC Interface) is open for exploitation like brute-forcing and DDoS pingbacks.
  • Old WordPress version( may have a vulnerability in the current old Wordpress version).
  • The external WP-Corn is enabled it would be possible to make a DDoS attack against wp-cron.php
  • We also found a readme.html file. This file may contain some juicy information.

It is important to keep in mind that WPScan cannot determine the version of a specific plugin, it simply launches a list of potential vulnerabilities on the screen. Just because a plug-in version cannot be determined does not mean that the site is not vulnerable.

We must review the vulnerabilities that it details, visit the detail of the info that it shows us and run different exploits to know if our WordPress is vulnerable or not.

I link different URLs where we can find information relevant to potential vulnerabilities:

wpscan --url <YOUR WEBSITE> --enumerate u

The above command tries to list the users of the WordPress application that is running on the site in addition to other vulnerabilities that it can find.

After finding the users, create a wordlist, and type the following command or you can use any wordlist that is available.

wpscan --url <YOUR WEBSITE> --username admin --wordlist wordlist.txt

After running the above command successfully. The tool will attempt to crack the password for the admin user.

Note: Replace "admin" with the username that you want to crack password for and replace the wordlist.txt with your wordlist

You can also use other functions of the tool, just read the documentation or type wpscan --help or just type wpscan to see the use of more parameters.

4. Conclusion

In this article, we have learned how to install the WpScan in different types of Operating System and how to find vulnerabilities in the WordPress website with the help of WpScan. There are millions of website are present on the internet that runs on WordPress. And many of them are vulnerable. To secure your WordPress website you can read our article on how to secure your WordPress website by here:

Secure your WordPress website

Thanks for reading our article. If you find our article helpful then feel free to comment below in the comment section.

Post a Comment

Previous Post Next Post