WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites.

Installation

Prerequisites

  • (Optional but highly recommended: RVM)
  • Ruby >= 2.3 – Recommended: latest
    • Ruby 2.5.0 to 2.5.3 can cause an ‘undefined symbol: rmpd_util_str_to_d’ error in some systems, see #1283
  • Curl >= 7.21 – Recommended: latest
    • The 7.29 has a segfault
  • RubyGems – Recommended: latest

Also Read – 4 Best Writing Tools Linux

From RubyGems (Recommended)

gem install wpscan

On MacOSX, if a Gem::FilePermissionError is raised due to the Apple’s System Integrity Protection (SIP), either install RVM and install it again, or run sudo gem install -n /usr/local/bin wpscan

From sources (NOT Recommended)

Prerequisites: Git

git clone https://github.com/wpscanteam/wpscan
cd wpscan/
bundle install && rake install

Updating

You can update the local database by using wpscan --update

Updating itself is either done via gem update wpscan or the packages manager (this is quite important for distributions such as in Kali Linux: apt-get update && apt-get upgrade) depending how it was (pre)installed.

Docker

Pull the repo with docker pull wpscanteam/wpscan

Enumerating usernames

docker run -it –rm wpscanteam/wpscan –url https://target.tld/ –enumerate ua

Enumerating a range of usernames

docker run -it –rm wpscanteam/wpscan –url https://target.tld/ –enumerate u1-100

** replace u1-100 with a range of your choice.

Usage

wpscan –url blog.tld This will scan the blog using default options with a good compromise between speed and accuracy. For example, the plugins will be checked passively but their version with a mixed detection mode (passively + aggressively).

Potential config backup files will also be checked, along with other interesting findings. If a more stealthy approach is required, then wpscan –stealthy –url blog.tld can be used. As a result, when using the –enumerate option, don’t forget to set the –plugins-detection accordingly, as its default is ‘passive’.

For more options, open a terminal and type wpscan –help (if you built wpscan from the source, you should type the command outside of the git repo)

The DB is located at ~/.wpscan/db

It can load all options (including the –url) from configuration files, the following locations are checked (order: first to last):

  • ~/.wpscan/cli_options.json
  • ~/.wpscan/cli_options.yml
  • pwd/.wpscan/cli_options.json
  • pwd/.wpscan/cli_options.yml

If those files exist, options from them will be loaded and overridden if found twice.

e.g:

~/.wpscan/cli_options.yml:

proxy: ‘http://127.0.0.1:8080’
verbose: true

pwd/.wpscan/cli_options.yml:

proxy: ‘socks5://127.0.0.1:9090’
url: ‘http://target.tld’

Running wpscan in the current directory (pwd), is the same as wpscan -v –proxy socks5://127.0.0.1:9090 –url http://target.tld

Enumerating usernames

wpscan –url https://target.tld/ –enumerate u

Enumerating a range of usernames

wpscan –url https://target.tld/ –enumerate u1-100

** replace u1-100 with a range of your choice.

Public Source License

The software (henceforth referred to simply as “WPScan”) is dual-licensed – Copyright 2011-2019 Team.

Cases that include commercialization of it require a commercial, non-free license. Otherwise, it can be used without charge under the terms set out below.

1. Definitions

1.1 “License” means this document.

1.2 “Contributor” means each individual or legal entity that creates, contributes to the creation of, or owns it.

1.3 “WPScan Team” means WPScan’s core developers.

2. Commercialization

A commercial use is one intended for commercial advantage or monetary compensation.

Example cases of commercialization are:

  • Using it to provide commercial managed/Software-as-a-Service services.
  • Distributing it as a commercial product or as part of one.
  • Using it as a value added service/product.

Example cases which do not require a commercial license, and thus fall under the terms set out below, include (but are not limited to):

  • Penetration testers (or penetration testing organizations) using it as part of their assessment toolkit.
  • Penetration Testing Linux Distributions including but not limited to Kali Linux, SamuraiWTF, BackBox Linux.
  • Using it to test your own systems.
  • Any non-commercial use of it.

Free-use Terms and Conditions;

3. Redistribution

Redistribution is permitted under the following conditions:

  • Unmodified License is provided with it.
  • Unmodified Copyright notices are provided with it.
  • Does not conflict with the commercialization clause.

4. Copying

Copying is permitted so long as it does not conflict with the Redistribution clause.

5. Modification

Modification is permitted so long as it does not conflict with the Redistribution clause.

6. Contributions

Any Contributions assume the Contributor grants the Team the unlimited, non-exclusive right to reuse, modify and relicense the Contributor’s content.

7. Support

It is provided under an AS-IS basis and without any support, updates or maintenance. Support, updates and maintenance may be given according to the sole discretion of the Team.

8. Disclaimer of Warranty

It is provided under this License on an “as is” basis, without warranty of any kind, either expressed, implied, or statutory, including, without limitation, warranties that the free of defects, merchantable, fit for a particular purpose or non-infringing.

9. Limitation of Liability

To the extent permitted under Law, it is provided under an AS-IS basis. The Team shall never, and without any limit, be liable for any damage, cost, expense or any other payment incurred as a result of it’s actions, failure, bugs and/or any other interaction between the and end-equipment, computers, other software or any 3rd party, end-equipment, computer or services.

10. Disclaimer

Running it against websites without prior mutual consent may be illegal in your country. The Team accept no liability and are not responsible for any misuse or damage caused by it.

11. Trademark

The “wpscan” term is a registered trademark. This License does not grant the use of the it trademark or the use of the logo.