Sunday, October 9, 2016

Install and Use WPScan on Linux – A WordPress Vulnerability Scanner

WPScan is a command-line vulnerability scanner for WordPress sites. It comes pre-installed on the following penetration testing Linux distributions:

  • BackBox Linux
  • Kali Linux
  • Pentoo
  • SamuraiWTF
  • BlackArch

WPScan is available from GitHub. Now let's see how to install WPScan on Ubuntu 16.04/16.10, Debian 8, Fedora 24 and Arch Linux, and how to use this WordPress vulnerability scanner.

    How to Install WPScan on Ubuntu 16.04, 16.10

    First, install dependencies.

    sudo apt install libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential libgmp-dev zlib1g-dev

    Then install the Git version control tool.

    sudo apt install git

    Clone the GitHub repository.

    git clone https://github.com/wpscanteam/wpscan.git

    Install it.

    cd wpscan
    sudo gem install bundler
    bundle install --without test development

    Install WPScan on Debian 8

    First, install dependencies.

    sudo apt install git ruby ruby-dev libcurl4-openssl-dev make zlib1g-dev

    Then clone the repository and install it.

    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
    sudo gem install bundler
    bundle install --without test development

    Install WPScan on Fedora 24

    First, install dependencies.

    sudo dnf install git gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel patch rpm-build

    Then clone the repository and install it.

    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
    sudo gem install bundler
    bundle install --without test development

    Install WPScan on Arch Linux

    First, install dependencies.

    sudo pacman -Syu ruby libyaml git

    Then clone the repository and install it.

    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
    gem install bundler
    bundle install --without test development

    How to Use WPScan

    Make sure you are in the wpscan folder.

    cd wpscan

    To update the database to the latest version, run

    ruby wpscan.rb --update

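    Scan installed plugins (in this and the following commands, replace http(s)://your-domain.com with the http:// or https:// URL of your own site)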

    ruby wpscan.rb --url http(s)://your-domain.com --enumerate p

    Scan vulnerable plugins

    ruby wpscan.rb --url http(s)://your-domain.com --enumerate vp

    Scan installed themes

    ruby wpscan.rb --url http(s)://your-domain.com --enumerate t

    Scan vulnerable themes

    ruby wpscan.rb --url http(s)://your-domain.com --enumerate vt

    Scan user accounts:

    ruby wpscan.rb --url http(s)://your-domain.com --enumerate u

    Scan vulnerable timthumb files:

    ruby wpscan.rb --url http(s)://your-domain.com --enumerate tt
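
A wrapper around the commands above that refuses to scan any host not listed in an allow-list of sites you administer, then runs the vp, vt and tt enumerations with one report file per mode. This is an added example, not part of the original post or of the WPScan project; the scope.txt allow-list, the reports directory and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: scope-checked wrapper for the WPScan commands shown above.
# Assumed names (not from the post): scope.txt, reports/, the function names.
WPSCAN_DIR="${WPSCAN_DIR:-./wpscan}"   # the directory cloned during install
SCOPE_FILE="${SCOPE_FILE:-scope.txt}"  # one hostname you administer per line

# Print the lowercase hostname of an http:// or https:// URL, or fail.
host_of_url() {
  local rest
  case "$1" in
    http://*|https://*) rest="${1#*://}" ;;
    *) return 1 ;;
  esac
  rest="${rest%%[/?#]*}"   # drop path, query and fragment
  rest="${rest##*@}"       # drop userinfo, so "owned.site@other.host" yields other.host
  rest="${rest%%:*}"       # drop port
  case "$rest" in
    ''|*[!A-Za-z0-9.-]*) return 1 ;;   # empty, IPv6 literal or unexpected characters
  esac
  printf '%s\n' "$rest" | tr 'A-Z' 'a-z'
}

# Whole-line, fixed-string match: no substring or suffix matches count as in scope.
in_scope() {
  [ -r "$SCOPE_FILE" ] && grep -Fxq -- "$1" "$SCOPE_FILE"
}

# Update the database, then run the vulnerable-plugin, vulnerable-theme and
# timthumb enumerations from the post, writing one report file per mode.
scan_site() {
  local url="$1" host mode
  host="$(host_of_url "$url")" || { echo "not an http(s) URL: $url" >&2; return 2; }
  in_scope "$host" || { echo "refusing: $host is not in $SCOPE_FILE" >&2; return 3; }
  mkdir -p reports
  ( cd "$WPSCAN_DIR" && ruby wpscan.rb --update ) || return 4
  for mode in vp vt tt; do
    ( cd "$WPSCAN_DIR" && ruby wpscan.rb --url "$url" --enumerate "$mode" ) \
      > "reports/${host}-${mode}.txt" || echo "wpscan exited non-zero for $mode" >&2
  done
}

if [ "$#" -gt 0 ]; then scan_site "$1"; fi
```

Run it from the directory that contains the wpscan folder, passing the site URL as the only argument.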



    Source: Install and Use WPScan on Linux – A WordPress Vulnerability Scanner
