Get your server issues fixed by our experts for a price starting at just 25 USD/Hour. Click here to register and open a ticket with us now!
« previous next »
Pages: [1]   Go Down

Author Topic: WPScan: Tool to Detect Vulnerable Themes & Plugins in WordPress  (Read 5020 times)

0 Members and 1 Guest are viewing this topic.

jominj

  • Guest
WPScan: Tool to Detect Vulnerable Themes & Plugins in WordPress
« on: February 23, 2015, 07:11:22 am »
Security Tool to Scan for Vulnerable Plugins and Themes in WordPress: WPScan

WPScan is a very useful security tool that can found the vulnerable plugins and themes in the WordPress installation. I will describe how to install the Wpscan on Ubuntu distribution.

1. First we will need to install the git program.
Code: [Select]
sudo apt-get install git
2. Now we have to install some dependencies
Code: [Select]
sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev ruby1.9.3
3. Then we have to clone the wpscan from the git repository
Code: [Select]
git clone https://github.com/wpscanteam/wpscan.git
4. The installation of wpscan is complete now, but we need the ruby package to run the wpscan.
Code: [Select]
cd wpscan
sudo gem install bundler && bundle install --without test
Installation on Debian
For installation in Debian follow below steps:
Code: [Select]
sudo apt-get install git ruby ruby-dev libcurl4-gnutls-dev make
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler
bundle install --without test --path vendor/bundle
Installation on Fedora
Code: [Select]
sudo yum install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel patch
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test
Now let's check some options  that is usable:
--update  -  update the databases.
Code: [Select]
ruby wpscan.rb --update
For a performing a non intrusive test:   
Code: [Select]
ruby wpscan.rb --url www.example.com
Do wordlist brute force on the WordPress site:   
Code: [Select]
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
Enumerate installed plugins which are vulnerable: 
Code: [Select]
ruby wpscan.rb --url www.example.com --enumerate vp
Enumerate themes which are vulnerable:   
Code: [Select]
ruby wpscan.rb --url www.example.com --enumerate vt
Enumerate users:   
Code: [Select]
ruby wpscan.rb --url www.example.com --enumerate u
To scan for a custom content directory: 
Code: [Select]
ruby wpscan.rb -u www.example.com --wp-content-dir custom-content
The scan results will show detailed information about the vulnerability and site urls to know more details about the vulnerability.
Logged
Pages: [1]   Go Up
« previous next »