WPScan v3.4.0 - Black Box WordPress Vulnerability Scanner


WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites.

INSTALL

Prerequisites:
  • Ruby >= 2.2.2 - Recommended: 2.3.3
  • Curl >= 7.21 - Recommended: latest - FYI the 7.29 has a segfault
  • RubyGems - Recommended: latest

From RubyGems:
gem install wpscan

From sources:
Prerequisites: Git
git clone https://github.com/wpscanteam/wpscan
cd wpscan/
bundle install && rake install

Docker
Pull the repo with:
docker pull wpscanteam/wpscan

Usage
wpscan --url blog.tld
This will scan the blog using default options, with a good compromise between speed and accuracy. For example, the plugins will be checked passively, but their versions with a mixed detection mode (passively + aggressively). Potential config backup files will also be checked, along with other interesting findings.
If a more stealthy approach is required, then wpscan --stealthy --url blog.tld can be used. As a result, when using the --enumerate option, don't forget to set the --plugins-detection accordingly, as its default is 'passive'.
For more options, open a terminal and type wpscan --help (if you built wpscan from the source, you should type the command outside of the git repo).
The DB is located at /.wpscan/db
WPScan can load all options (including the --url) from configuration files. The following locations are checked (order: first to last):
  • /.wpscan/cli_options.json
  • /.wpscan/cli_options.yml
  • pwd/.wpscan/cli_options.json
  • pwd/.wpscan/cli_options.yml
If those files exist, options from them will be loaded, and overridden if found twice.
e.g.:
/.wpscan/cli_options.yml:
proxy: 'http://127.0.0.1:8080'
verbose: true
pwd/.wpscan/cli_options.yml:
proxy: 'socks5://127.0.0.1:9090'
url: 'http://target.tld'
Running wpscan in the current directory (pwd) is the same as wpscan -v --proxy socks5://127.0.0.1:9090 --url http://target.tld
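Because a cli_options file in the working directory can silently change the target URL or proxy, it is worth checking which file sets each option before a scan. The Ruby sketch below is an added example, not WPScan's own code: the helper names are hypothetical, the directories to search are passed in by the caller, and the sample files are the two constructed YAML files from the example above written into temporary directories.

```ruby
require 'json'
require 'yaml'
require 'tmpdir'
require 'fileutils'

# Hypothetical helper (not part of WPScan): merge cli_options files in the
# order the page lists them, remembering which file set each option last.
CONFIG_NAMES = %w[cli_options.json cli_options.yml].freeze

def effective_options(dirs)
  merged = {}
  dirs.each do |dir|
    CONFIG_NAMES.each do |name|
      path = File.join(dir, '.wpscan', name)
      next unless File.file?(path)

      raw = File.read(path)
      data = name.end_with?('.json') ? JSON.parse(raw) : YAML.safe_load(raw)
      next unless data.is_a?(Hash) # ignore empty or non-mapping files

      # A later file overrides an earlier one for the same key.
      data.each { |key, value| merged[key.to_s] = { value: value, source: path } }
    end
  end
  merged
end

# Constructed sample: temporary directories stand in for the first checked
# location and for pwd; contents are the two YAML files shown above.
def demo
  Dir.mktmpdir do |root|
    first = File.join(root, 'first')
    pwd = File.join(root, 'pwd')
    [first, pwd].each { |d| FileUtils.mkdir_p(File.join(d, '.wpscan')) }
    File.write(File.join(first, '.wpscan', 'cli_options.yml'),
               "proxy: 'http://127.0.0.1:8080'\nverbose: true\n")
    File.write(File.join(pwd, '.wpscan', 'cli_options.yml'),
               "proxy: 'socks5://127.0.0.1:9090'\nurl: 'http://target.tld'\n")
    effective_options([first, pwd]).transform_values do |o|
      [o[:value], o[:source].sub("#{root}/", '')]
    end
  end
end

if $PROGRAM_NAME == __FILE__
  demo.each { |opt, (value, source)| puts format('%-8s %-28s <- %s', opt, value, source) }
end
```

Run directly, it prints one line per option with its effective value and the file that supplied it, so an overridden proxy or an unexpected url is visible before any request is sent.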

PROJECT HOME
https://wpscan.org

VULNERABILITY DATABASE
https://wpvulndb.com