Our blog

Secure Your WordPress | Tool Explained wpscan

WordPress is one of the most popular CMS among its entire open source competitor. WordPress has very simple and open framework. It is the most desirable choice of any hacker to start learning hacking with it.

Today we will look at tool called wpscan. This tool is vulnerability scanner for any WordPress installation. It will let you know following things

  1. Version of the WordPress
  2. Known list of information disclosure files (ex. Readme.html)
  3. WordPress usernames
  4. WordPress Plugin names
  5. Bruteforce for password (Password list needs to be generated)

How this information is useful to me/attacker?

  1. You can check your WordPress installation version against current available version
  2. You can check known vulnerability using Google for the version you have installed
  3. Information disclosure files are easiest way to get installed version of WordPress
  4. Enumerated usernames can be brute-forced
  5. Plugins can be attacked against known vulnerability

How to use this tool?

  1. For basic WordPress information     #ruby wpscan.rb –url  <URL>
  2. For username enumeration #ruby wpscan.rb –url <URL> –enumerate u
  3. For plugin enumeration #ruby wpscan.rb –url <URL> –enumerate p
  4. For password brute force attack #ruby wpscan.rb –url <URL> –wordlist <Password file> –username <user name>

All commends are explained in following video

Download and installation

Please use the up to date instructions found here; http://code.google.com/p/wpscan/wiki/README

Interested in our Testing Services?

Contact Apexon +1 408-727-1100

By submitting this form, you agree that you have read and understand Apexon’s Terms and Conditions. You can opt-out of communications at any time. We respect your privacy.

Other stories you may enjoy...

The Internet: Then and Now

It has been a big week in tech. Not only did we have the Google I/O keynote yesterday (last week’s blog covered that in more detail), but also Kleiner Perkins Caufield &...

Information Gathering — Web Application Analysis

Till now we have seen theory part of web application security. Now I will try to include various ethical hacking/ penetration testing aspects with visual / video. At initial level...

Vulnerability Assessment IV

Scan Types: Central Scan or Individual Scan? It is always the question which type of scan is more effective? Both scans have pros and cons. For example Central Scan is...