How to Use WPScan: A Step-by-Step Tutorial
WPScan is a popular open-source security scanner specifically designed for WordPress websites. It is written in Ruby and allows users to identify security vulnerabilities within WordPress installations. WPScan conducts comprehensive scans to detect various issues such as outdated plugins, themes, and core files, as well as misconfigurations that could potentially be exploited by attackers. It also provides information on the WordPress version being used and suggests remedial actions to enhance the security posture of the website. WPScan is widely used by security professionals, administrators, and developers to proactively secure WordPress sites against potential threats and attacks.
How to Install WPScan
- On Linux distributions, we can install WPScan using [sudo apt install wpscan]
Or we can clone the GitHub repository.
WPScan Options
- -v, --verbose = verbose mode
- -o, --output = output to file
- --random-user-agent
- --http-auth login:password
- --force
- --api-token = the WPScan API token to use
- --wp-content-dir = the wp-content directory, if it is custom or not detected
- --wp-plugins-dir = the plugins directory, if it is custom
- --stealthy = for a stealthy scan
- --ignore-main-redirect = ignore the main redirect (if any) and scan the target URL
- Now we will install WPScan with Docker.
- Pull the image with docker pull wpscanteam/wpscan
How to Run WPScan with Docker
How to Scan with WPScan on the CLI
Command: wpscan --url https://craw.in --random-user-agent --ignore-main-redirect
So we will get this output.
Let's see what we have found.
These are the headers used by the domain, which show that the server is nginx and the firewall is Sucuri.
This is the robots.txt file data we have.
These are basic files that help identify the plugins and themes used by the domain.
Here we can see the version fingerprinted for the domain.
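To review findings like the ones above from a report saved with -o, the following added example (not part of the original tutorial or of WPScan itself) lists each finding and its interesting entries, so a site owner can see which headers and paths the site discloses. It assumes the plain-text CLI layout without colour codes; the function names and the sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise the findings in a saved WPScan text report.
# Assumed layout: "[+] <title>" starts a finding, details follow on " | " lines.

wpscan_findings() {
    # stdin: report text. stdout: "title<TAB>entry" per Interesting Entries
    # item, or "title<TAB>-" for a finding that lists none.
    awk '
        function emit_bare() { if (title != "" && n == 0) print title "\t-" }
        /^\[\+\] /                  { emit_bare(); title = substr($0, 5); n = 0; in_e = 0; next }
        /^ \| Interesting Entries:/ { in_e = 1; next }
        in_e && /^ \|  - /          { print title "\t" substr($0, 7); n++; next }
        /^ \| /                     { in_e = 0 }
        END                         { emit_bare() }
    '
}

disclosed_headers() {
    # Only the response headers the scan reported as interesting.
    wpscan_findings | awk -F '\t' '$1 == "Headers" { print $2 }'
}

sample_report() {
    # Constructed sample, not output from a real scan.
    cat <<'EOF'
[+] URL: https://example.test/ [192.0.2.10]

Interesting Finding(s):

[+] Headers
 | Interesting Entries:
 |  - server: nginx
 |  - x-sucuri-id: 12345
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] robots.txt found: https://example.test/robots.txt
 | Interesting Entries:
 |  - /wp-admin/
 | Found By: Robots Txt (Aggressive Detection)

[+] WordPress version 6.4.3 identified (Latest, released on 2024-01-30).
 | Found By: Rss Generator (Passive Detection)
EOF
}

sample_report | wpscan_findings   # for a real file: wpscan_findings < report.txt
```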