WPScan
WPScan is a free, open-source command line tool that scans WordPress websites for vulnerabilities.
What it does
WPScan checks for vulnerabilities in WordPress core, plugins, and themes.
It also checks for weak passwords and exposed files.
How it works
WPScan works from the outside, the way an attacker would: it does not rely on access to your WordPress dashboard or source code.
Features
WPScan includes:
- A database of WordPress vulnerabilities that's continuously updated by WordPress security professionals
- A plugin that fits into existing workflows
- A CLI security scanner for security professionals
- An API for accessing the vulnerability database
Key Features:
- Vulnerability Detection: WPScan scans for known vulnerabilities in WordPress core, themes, and plugins using the WPScan Vulnerability Database.
- Enumeration: It can enumerate various aspects of a WordPress site, such as installed plugins, themes, and user accounts.
- Brute Force Testing: WPScan can perform brute force attacks to test the strength of user passwords.
- Customizable Scans: Users can customize their scans with various options, such as using a random user agent, throttling requests, or running in stealth mode to avoid detection.
How WPScan Works:
- Basic Scan: To perform a basic scan, you can use the following command:
wpscan --url yourwebsite.com
This command will scan the specified website and provide information
about its WordPress version, themes, plugins, and other potential
vulnerabilities.
- Enumerating Plugins:
wpscan --url yourwebsite.com --enumerate vp
This command will enumerate all vulnerable plugins on the specified
website.
- User Enumeration:
wpscan --url yourwebsite.com --enumerate u
This command will list all user accounts that can be discovered from the
outside.
- Brute Force Attack:
wpscan --url yourwebsite.com --passwords /path/to/passwordlist.txt --usernames admin
This command will attempt to brute force the password for the specified
username using a list of passwords.
How to use it
You can use additional flags to get specific information. For example, to search for vulnerable plugins, you can use the command:
wpscan --url yourwebsite.com -e vp --api-token YOUR_TOKEN
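As an added example (not part of the original post, and not WPScan's own code), a small Python triage script for the report WPScan writes with --format json: it lists every known vulnerability per component with a remediation action, flags components whose version WPScan could not detect, and lists the usernames an --enumerate u scan exposed. The embedded report is constructed, and its field names are assumed to mirror WPScan's JSON output.

```python
# Constructed sample shaped like a WPScan JSON report (wpscan --url ... --format json).
# Field names mirror WPScan's JSON output as assumed here; every value is made up.
SAMPLE_REPORT = {
    "target_url": "https://example.com/",
    "version": {"number": "6.4.2", "status": "latest", "vulnerabilities": []},
    "plugins": {
        "example-forms": {"version": {"number": "1.2.0"}, "vulnerabilities": [
            {"title": "Example Forms < 1.3.0 - SQL Injection", "fixed_in": "1.3.0"}]},
        "example-seo": {"version": {"number": "4.0.1"}, "vulnerabilities": []},
        "example-gallery": {"version": None, "vulnerabilities": [  # version not detected
            {"title": "Example Gallery - Stored XSS", "fixed_in": None}]},
    },
    "users": {"admin": {"id": 1}, "editor": {"id": 2}},  # accounts visible from outside
}


def _components(report):
    """Yield (kind, name, detected-version dict, vulnerability list) for core, plugins, themes."""
    core = report.get("version") or {}
    yield "core", "wordpress", core, core.get("vulnerabilities") or []
    for kind in ("plugins", "themes"):
        for name, entry in (report.get(kind) or {}).items():
            yield kind[:-1], name, entry.get("version") or {}, entry.get("vulnerabilities") or []


def findings(report):
    """One actionable row per known vulnerability; the action depends on what WPScan could detect."""
    rows = []
    for kind, name, version, vulns in _components(report):
        installed = version.get("number")
        for vuln in vulns:
            fixed_in = vuln.get("fixed_in")
            if installed is None:
                action = "version not detected: confirm the installed version before acting"
            elif fixed_in:
                action = f"update to {fixed_in} or later"
            else:
                action = "no fixed release: disable or replace the component"
            rows.append({"kind": kind, "name": name, "installed": installed,
                         "title": vuln.get("title"), "fixed_in": fixed_in, "action": action})
    return rows


def enumerable_users(report):
    """Usernames the scan could discover (what --enumerate u reports); each needs a strong password."""
    return sorted((report.get("users") or {}).keys())


if __name__ == "__main__":
    for row in findings(SAMPLE_REPORT):
        print(f"[{row['kind']}] {row['name']} ({row['installed']}): {row['title']} -> {row['action']}")
    print("enumerable users:", ", ".join(enumerable_users(SAMPLE_REPORT)))
```

For a real run, pass the dict obtained from json.load() on the file written with --output report.json --format json; a non-empty findings() list is a convenient gate for a scheduled scan job.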
Who uses it
WordPress administrators and security teams use WPScan to assess the
security of their WordPress installations.
Scan your WordPress site for malware regularly, at least once per month. You should also run a scan whenever you change your website's structure or install new plugins.
This topic is covered in CySA+ and Pentest+.