WPScan is a WordPress vulnerability scanner. This tool is a must-have for any WordPress developer to scan for vulnerabilities and solve issues before they get exploited by hackers. Together with Nikto, a great web server assessment tool, this tool should be part of any penetration test targeting a WordPress website or blog.
WPScan comes pre-installed on the following Linux distributions:
- BackBox Linux
- Kali Linux
- Pentoo
- Marchessault
- BlackArch
- Total vulnerable versions: 98
- Total vulnerable plugins: 1.076
- Total vulnerable themes: 361
- Total version vulnerabilities: 1.104
- Total plugin vulnerabilities: 1.763
- Total theme vulnerabilities: 443
WPScan update
Start with the following command to update the WPScan vulnerabilities database:
wpscan --update
Scanning WordPress vulnerabilities
After updating the vulnerability database use the following command to scan the target website for the most popular and recent vulnerabilities:
wpscan --url [wordpress url]
How to enumerate WordPress users
The WordPress user enumeration tool is used to retrieve a list of registered WordPress users for the target host. User enumeration is the first step when an attacker wants to gain access to a specific target by brute-forcing. The enumeration tool scans the target's posts, pages, and custom post types for authors and usernames.
Use the following command to enumerate the WordPress users:
wpscan --url [wordpress url] --enumerate u
How to brute force the root password
Use the following command to brute force the password for user root:
wpscan --url [wordpress url] --wordlist [path to wordlist] --username [username to brute force] --threads [number of threads to use]
How to avoid WordPress User Enumeration
If you want to avoid WordPress user enumeration, you should avoid using the username as the nickname and display name, which are shown publicly in WordPress. The best option is to choose an administrator username that consists of random characters and use a different nickname. WPScan looks for usernames in the site's URLs, so if the username never appears there it cannot be picked up by WPScan. Another way to prevent user enumeration is to use a different account to publish posts and answer replies.
How to avoid WordPress password brute-forcing
The best way to keep attackers using brute force methods out is to limit the login attempts for an IP address. There are several plug-ins available for WordPress to limit the number of login attempts for a specific username and IP, such as Wordfence. The latest WordPress versions have the option to limit login attempts by default. Make sure you limit login attempts to a maximum of 3 and increase the lock-out time a lot after 2 lockouts (which is 6 password attempts).
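The two sections above describe the attacker side of user enumeration and login brute-forcing; on the defender side the same activity leaves a clear trace in the web server access log. The POSIX shell script below is an added example, not part of the original page or of WPScan: it assumes a combined-format access log, that username enumeration shows up as a series of /?author=N requests (which WordPress answers with a redirect to the author page) or hits on the /wp-json/wp/v2/users endpoint, and that a failed wp-login.php POST is answered with HTTP 200 (the form is re-rendered) while a successful one is answered with a 302 redirect. The log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the page): spot WPScan-style user enumeration and
# wp-login.php password guessing in a combined-format access log.

# Constructed sample log lines; field 1 is the client IP, field 6 the method
# (with its leading quote), field 7 the request path and field 9 the status.
SAMPLE_LOG=$(cat <<'EOF'
203.0.113.5 - - [10/Oct/2023:13:55:01 +0000] "GET /?author=1 HTTP/1.1" 301 0
203.0.113.5 - - [10/Oct/2023:13:55:01 +0000] "GET /?author=2 HTTP/1.1" 301 0
203.0.113.5 - - [10/Oct/2023:13:55:02 +0000] "GET /?author=3 HTTP/1.1" 301 0
203.0.113.5 - - [10/Oct/2023:13:55:02 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 512
198.51.100.7 - - [10/Oct/2023:13:56:10 +0000] "GET /?author=1 HTTP/1.1" 301 0
198.51.100.7 - - [10/Oct/2023:13:56:11 +0000] "POST /wp-login.php HTTP/1.1" 200 3042
198.51.100.7 - - [10/Oct/2023:13:56:11 +0000] "POST /wp-login.php HTTP/1.1" 200 3042
198.51.100.7 - - [10/Oct/2023:13:56:12 +0000] "POST /wp-login.php HTTP/1.1" 200 3042
198.51.100.7 - - [10/Oct/2023:13:56:12 +0000] "POST /wp-login.php HTTP/1.1" 200 3042
192.0.2.9 - - [10/Oct/2023:14:01:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0
EOF
)

# Read a log on stdin and print "ip count" for every client that requested at
# least $1 distinct enumeration URLs (/?author=N or the REST users endpoint).
enum_suspects() {
    awk -v min="$1" '
        $6 == "\"GET" && ($7 ~ /^\/\?author=[0-9]+/ || $7 ~ /^\/wp-json\/wp\/v2\/users/) {
            key = $1 SUBSEP $7
            if (!(key in seen)) { seen[key] = 1; hits[$1]++ }
        }
        END { for (ip in hits) if (hits[ip] >= min) print ip, hits[ip] }
    '
}

# Read a log on stdin and print "ip count" for every client with at least $1
# failed logins: POST /wp-login.php answered with 200 (302 means it succeeded).
login_bruteforce_suspects() {
    awk -v min="$1" '
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == "200" { fails[$1]++ }
        END { for (ip in fails) if (fails[ip] >= min) print ip, fails[ip] }
    '
}

# Usage: run both detections over the sample (pipe a real access log instead).
printf '%s\n' "$SAMPLE_LOG" | enum_suspects 3
printf '%s\n' "$SAMPLE_LOG" | login_bruteforce_suspects 3
```

The thresholds are deliberately low for the sample; on a real site tune them to the login-attempt limit you configure (3 attempts per the section above) so that an alert fires before the lock-out does.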
Enumeration Arguments
Find below an overview of enumeration arguments that can be used for scanning:
- --enumerate | -e [option(s)] Enumeration.
- option :
- u – usernames from id 1 to 10
- u[10-20] – usernames from id 10 to 20 (you must write the [] chars)
- p – plugins
- vp – only vulnerable plugins
- ap – all plugins (can take a long time)
- tt – timthumbs
- t – themes
- vt – only vulnerable themes
- at – all themes (can take a long time)
- Multiple values are allowed: “-e tt,p” will enumerate timthumbs and plugins
If you’re interested in learning more about web penetration testing you can follow any of these online courses:
Made with ❤️ by Pulkit Saini