WPScan: what is and how to install

WPScan is a very interesting and useful tool written in Ruby for scanning WordPress websites and find outdated versions of plugins, known vulnerabilities, enumeration of users etc…

It’s very easy to use and very powerful. These are the installation step.

$ sudo apt update

$ sudo apt install curl git libcurl4-openssl-dev make zlib1g-dev gawk g++ gcc libreadline6-dev libssl-dev libyaml-dev libsqlite3-dev sqlite3 autoconf libgdbm-dev libncurses5-dev automake libtool bison pkg-config ruby ruby-bundler ruby-dev -y

After this, let’s install WPScan using gem:

$ sudo gem install wpscan

To run the scan, first of all update the database and then run it:

$ wpscan --update
$ wpscan --url http://mytarget.com
An example of the output

If you are interested in staying updated on the recent WordPress you can have a look at wpvulndb.com

If you want to protect your WordPress installation you can also download the plugin that will test every day the security of your website.

To contribute you can find the project on Github at github.com/wpscanteam/wpscan

Happy (responsible) hacking!

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.