WPScan is a very interesting and useful tool written in Ruby for scanning WordPress websites and find outdated versions of plugins, known vulnerabilities, enumeration of users etc…
It’s very easy to use and very powerful. These are the installation step.
$ sudo apt update
$ sudo apt install curl git libcurl4-openssl-dev make zlib1g-dev gawk g++ gcc libreadline6-dev libssl-dev libyaml-dev libsqlite3-dev sqlite3 autoconf libgdbm-dev libncurses5-dev automake libtool bison pkg-config ruby ruby-bundler ruby-dev -y
After this, let’s install WPScan using gem:
$ sudo gem install wpscan
To run the scan, first of all update the database and then run it:
$ wpscan --update
$ wpscan --url http://mytarget.com
If you are interested in staying updated on the recent WordPress you can have a look at wpvulndb.com
If you want to protect your WordPress installation you can also download the plugin that will test every day the security of your website.
To contribute you can find the project on Github at github.com/wpscanteam/wpscan
Happy (responsible) hacking!
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.