WPScan is a WordPress security scanner. I use this great tool often to check that my website, which is of course based on the popular blogging platform, is secure and free of holes. I do this every month to prevent hackers from hacking my website.
We can download and install WPScan on a Linux machine. For this I'm using Kali Linux, installed in a virtual machine; WPScan comes preinstalled on Kali Linux. To scan our website with WPScan we use this command:
wpscan --url blog.tld
This scans our WordPress blog with the default options.
If you do not want to be detected while scanning someone else's website, use this command:
wpscan --stealthy --url blog.tld
We can also scan a website through a proxy, with the command below:
wpscan -v --proxy socks5://127.0.0.1:9090 --url http://target.tld
If we want to detect plugins and scan for potential vulnerabilities in plugins, then we need to add this:
How to install WPScan if we do not have Kali Linux but another distribution?
Ruby >= 2.3 – Recommended: latest
Curl >= 7.21 – Recommended: latest – FYI the 7.29 has a segfault
RubyGems – Recommended: latest
gem install wpscan
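A preflight check for the requirements listed above, to run before `gem install wpscan`. This is an added example, not part of the original post or of WPScan; the script name `preflight.sh`, its `--run` argument and the function names are hypothetical, and it assumes every 7.29.x curl build is affected by the segfault mentioned above.

```shell
#!/bin/sh
# Added example: preflight for the WPScan requirements listed above.

# version_ge A B: succeed when dotted version A >= B (numeric, per component).
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # drop suffixes such as "-DEV"
        x=${x:-0}; y=${y:-0}               # a missing component counts as 0
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# check_ruby VER / check_curl VER: print a verdict; return 0 when acceptable.
check_ruby() {
    if version_ge "$1" 2.3; then echo "ruby $1: ok"
    else echo "ruby $1: too old, need >= 2.3"; return 1; fi
}

check_curl() {
    case $1 in
        # Assumption: every 7.29.x build counts as the segfaulting 7.29.
        7.29|7.29.*) echo "curl $1: 7.29 segfaults, upgrade"; return 1 ;;
    esac
    if version_ge "$1" 7.21; then echo "curl $1: ok"
    else echo "curl $1: too old, need >= 7.21"; return 1; fi
}

# preflight: check the installed tools; return 0 only if all three pass.
# A tool that is not installed is reported as version 0.
preflight() {
    rc=0
    rv=$(ruby -e 'print RUBY_VERSION' 2>/dev/null) || rv=0
    cv=$(curl --version 2>/dev/null | awk 'NR==1 {print $2}') || cv=0
    check_ruby "${rv:-0}" || rc=1
    check_curl "${cv:-0}" || rc=1
    if command -v gem >/dev/null 2>&1; then echo "rubygems: ok"
    else echo "rubygems: missing"; rc=1; fi
    return $rc
}

# Run the real check only when asked: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run as `sh preflight.sh --run && gem install wpscan`, the install only starts when all three requirements pass.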