WordPress Security Scanner

Disclaimer

This guide is for educational purposes only. Any hacking techniques taught here are for ethical hacking. Any hacking action performed without the owner's permission is considered illegal by law. Hence, practice on your own network infrastructure and your own devices.

WordPress Security Scanner (WPScan) is a black-box WordPress security scanner, free for non-commercial use, written for security professionals and blog maintainers to test the security of their own sites. WPScan comes pre-installed in Kali Linux.

How to use WPScan

To list the options WPScan supports, run:

wpscan --help

To enumerate installed plugins:

wpscan --url http(s)://your-domain.com --enumerate p

To enumerate only plugins with known vulnerabilities:

wpscan --url http(s)://your-domain.com --enumerate vp

To enumerate installed themes:

wpscan --url http(s)://your-domain.com --enumerate t

To enumerate only themes with known vulnerabilities:

wpscan --url http(s)://your-domain.com --enumerate vt

To enumerate user accounts:

wpscan --url http(s)://your-domain.com --enumerate u

To enumerate vulnerable TimThumb files:

wpscan --url http(s)://your-domain.com --enumerate tt
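A site maintainer usually wants the enumeration results above turned into an update list rather than read by eye. The script below, added here as an example and not part of the original post or of WPScan itself, summarizes a WPScan JSON report (WPScan can write one with --format json) into the plugins and themes that are outdated or carry a known vulnerability for the detected version; the report layout it reads is an assumption about WPScan's output, and the embedded report is a constructed sample, not a real scan.

```python
import json

# Constructed sample standing in for `wpscan --url ... --enumerate vp,vt --format json`.
# The key layout (plugins/themes keyed by slug, with outdated, latest_version and a
# version block holding vulnerabilities) is an assumption about WPScan's JSON report.
SAMPLE_REPORT = json.dumps({
    "target_url": "https://your-domain.com/",
    "plugins": {
        "example-gallery": {
            "slug": "example-gallery", "outdated": True, "latest_version": "2.0.0",
            "version": {"number": "1.4.0", "vulnerabilities": [
                {"title": "Example Gallery < 2.0.0 - constructed finding", "fixed_in": "2.0.0"}]},
        },
        "tidy-plugin": {
            "slug": "tidy-plugin", "outdated": False, "latest_version": "3.1.0",
            "version": {"number": "3.1.0", "vulnerabilities": []},
        },
    },
    "themes": {
        "constructed-theme": {
            "slug": "constructed-theme", "outdated": True, "latest_version": "1.2",
            "version": {"number": "1.1", "vulnerabilities": []},
        },
    },
})


def summarize(report_json):
    """Return (kind, slug, installed, latest, vuln_count) for every plugin or theme
    that is outdated or has a known vulnerability for its detected version."""
    report = json.loads(report_json)
    findings = []
    for kind in ("plugins", "themes"):
        for slug, item in report.get(kind, {}).items():
            version = item.get("version") or {}  # version is null when undetected
            vulns = version.get("vulnerabilities", [])
            if item.get("outdated") or vulns:
                findings.append((kind, slug, version.get("number"),
                                 item.get("latest_version"), len(vulns)))
    return findings


def needs_attention(report_json):
    """True when the site owner has something to update; handy as a CI gate."""
    return bool(summarize(report_json))


if __name__ == "__main__":
    for kind, slug, installed, latest, n in summarize(SAMPLE_REPORT):
        print(f"{kind[:-1]:6} {slug:20} installed={installed} latest={latest} known_vulns={n}")
```

Pipe a real report into summarize() in place of SAMPLE_REPORT to turn a periodic scan of your own site into a to-do list of updates.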
