How To enumerate WordPress website by #wpscan (2)

How To Enumerate WordPress Website User With WPscan

WPScan is a discovery WordPress vulnerability scanner that can be utilized to examine remote WordPress installations to discover security issues.

What is WordPress?

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. You can build and maintain a site with no information on coding. This software enables you to modify pretty much every part of your site.

Advantages of WordPress:

  • Ease to use
  • Deal with Your Website from Any Computer
  • No HTML Editing or FTP Software Required
  • The Design of Your Website is 100% Customizable
  • Have multiple users

Disadvantages of WordPress:

  • You Need Lots of Plugins For Additional Features
  • Frequent Theme and Plugin Updates
  • Slow Page Speed
  • Website Vulnerability
  • Site Can Go Down Without Notice

Requirement for WPscan:

How to Install WPScan?

Step 1: Install Git

  • Mac/Debian/Ubuntu: Sudo apt-get install git
  • Fedora:  yum install git
  • ArchLinux:  Pacman -S git

Step 2: Install Linux Dependencies

  • Ubuntu 14.04+: sudo apt-get install libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential
  • Prior to Ubuntu 14.04: sudo apt-get install libcurl4-openssl-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev 
  • Debian: sudo apt-get install git ruby ruby-dev libcurl4-openssl-dev make
  • Fedora: sudo yum install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel patch
  • ArchLinux: pacman -Syu ruby

Step 3: Clone repository from Github

git clone https://github.com/wpscanteam/wpscan.git

Step 4: Install the Bundler

  • Mac: sudo gem install bundler && sudo bundle install –without test
  • Ubuntu: sudo gem install bundler && bundle install –without test
  • Debian: sudo gem install bundler && bundle install –without test
  • Fedora: bundle install –without test –path vendor/bundle
  • ArchLinux: sudo gem install bundler && bundle install –without test
                           gem install typhoeus
                           gem install nokogiri

Step 5: Update WPScan

  • Change directories: cd wpscan
  • Update WPScan: git pull

ruby wpscan.rb –update

How to use WPScan?
wpscan –help

 wpscan –url http://yourwebsite.com

 wpscan –url http://yourwebsite.com –enumerate u

Previous articleDiscover Devices in the Network with ARP-Scan
Next articleHow to Find Information About Websites with Th3inspector

LEAVE A REPLY

Please enter your comment!
Please enter your name here