WPScan – WordPress Security Scanner


Exploiting, Injecting WordPress

Wordpress Blackbox testing

What is WPScan?

WPScan is a wonderful and super fast WordPress vulnerability scanner written in Ruby, sponsored by RandomStorm and hosted on Google Code. It gives you an easy way to test WordPress blogs using black-box techniques.

You can find out the following about a WordPress blog using this Ruby application:

  • List of plugins
  • Name of theme
  • Brute forcing weak passwords for a specific user
  • Brute force username
  • Directory listings
  • Version details
  • Possible vulnerabilities.

How to Install WPScan?

Before you install WPScan, you have to install a number of dependencies required by this tiny Ruby application. BTW, I am using BackTrack 5 Linux.

Dependencies :

apt-get install libcurl4-gnutls-dev
gem install --user-install mime-types
gem install --user-install xml-simple
gem install --user-install typhoeus

WPScan Installation :

cd /pentest/web/
wget http://wpscan.googlecode.com/files/wpscan-1.0.zip
unzip wpscan-1.0.zip
cd wpscan

How to use WPScan?

It is almost cooked. One more thing we need here is to download the keyword database (wordlist) that will be used for brute forcing.

wget http://static.hackersgarage.com/darkc0de.lst.gz
gunzip darkc0de.lst.gz

Example usage of this application:

Do ‘non-intrusive’ checks…
ruby ./wpscan.rb --url www.hackersgarage.com

Do wordlist password brute force on enumerated users using 50 threads…
ruby ./wpscan.rb --url www.hackersgarage.com --wordlist darkc0de.lst --threads 50

Do wordlist password brute force on the ‘admin’ username only…
ruby ./wpscan.rb --url www.hackersgarage.com --wordlist darkc0de.lst --username admin

Generate a new ‘most popular’ plugin list, up to 150 pages…
ruby ./wpscan.rb --generate_plugin_list 150

Enumerate installed plugins…
ruby ./wpscan.rb --url www.hackersgarage.com --enumerate p
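
What the wordlist brute force and the plugin enumeration above look like from the server side, as an added example that is not part of the original post or of WPScan: a Ruby script that reads web access-log lines and flags clients that send bursts of POSTs to wp-login.php or collect 404s across many plugin directories. The combined log format, the thresholds, the function name scan_signals, the assumption that plugin probes land under /wp-content/plugins/, and the sample log lines are all assumptions made for this example.

```ruby
require 'time'

# Apache/nginx "combined" log line; only the fields used below are captured.
LOG_RE = /\A(?<ip>\S+) \S+ \S+ \[(?<ts>[^\]]+)\] "(?<verb>[A-Z]+) (?<path>\S+) [^"]*" (?<status>\d{3}) /

LOGIN_LIMIT  = 5   # assumed threshold: login POSTs from one IP ...
WINDOW_SECS  = 60  # ... inside this many seconds
PLUGIN_LIMIT = 3   # assumed threshold: distinct plugin directories answered 404

# Returns sorted [ip, signal] pairs for clients that crossed a threshold.
def scan_signals(lines)
  logins  = Hash.new { |h, k| h[k] = [] }  # ip => timestamps of login POSTs
  plugins = Hash.new { |h, k| h[k] = {} }  # ip => missing plugin slugs seen
  lines.each do |line|
    m = LOG_RE.match(line) or next         # skip lines that do not parse
    path = m[:path].sub(/\?.*/, '')        # ignore the query string
    if m[:verb] == 'POST' && path.end_with?('/wp-login.php')
      logins[m[:ip]] << Time.strptime(m[:ts], '%d/%b/%Y:%H:%M:%S %z')
    elsif m[:status] == '404' && (slug = path[%r{/wp-content/plugins/([^/]+)}, 1])
      plugins[m[:ip]][slug] = true
    end
  end
  alerts = []
  logins.each do |ip, times|
    # Sliding window: any LOGIN_LIMIT consecutive POSTs within WINDOW_SECS.
    burst = times.sort.each_cons(LOGIN_LIMIT).any? { |w| w.last - w.first <= WINDOW_SECS }
    alerts << [ip, :login_bruteforce] if burst
  end
  plugins.each { |ip, slugs| alerts << [ip, :plugin_enumeration] if slugs.size >= PLUGIN_LIMIT }
  alerts.sort
end

# Constructed sample log (documentation-range IPs), not from a real server.
SAMPLE_LOG = (10..17).map { |sec|
  %(203.0.113.7 - - [10/Oct/2011:13:55:#{sec} +0000] "POST /wp-login.php HTTP/1.1" 200 2874 "-" "-")
} + %w[akismet contact-form-7 nextgen-gallery wp-super-cache].map { |name|
  %(198.51.100.9 - - [10/Oct/2011:14:02:01 +0000] "GET /wp-content/plugins/#{name}/ HTTP/1.1" 404 312 "-" "-")
} + [
  %(192.0.2.44 - - [10/Oct/2011:14:05:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"),
  %(192.0.2.44 - - [10/Oct/2011:14:05:02 +0000] "GET /wp-admin/ HTTP/1.1" 200 9120 "-" "-")
]

scan_signals(SAMPLE_LOG).each { |ip, kind| puts "#{kind}: #{ip}" } if __FILE__ == $PROGRAM_NAME
```

The single login from 192.0.2.44 stays below both thresholds, so an ordinary user session is not flagged.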

Still having trouble with the configuration? Ask in the comments.


andrie

It's cool, and I want to try it first..

I need your help if I have a problem

Silentplay3r

Andrie

Anytime :-)

You can send your suggested topics on tips at hackersgarage.com

python

I use this command but it shows an error

Command :
ruby ./wpscan.rb –url http://www.dhakaeducationboard.gov.bd/wp-login.php –wordlist darkc0de.lst –username admi

Error :
./wpscan.rb:143: uninitialized constant GetoptLong (NameError)

Syed Alam

@Python

You might be running an old version of Ubuntu.
The fix is simply to add the line
require 'rubygems/gem_runner'
after
require 'rubygems'
in the file /usr/bin/gem.
The issue is fixed in the new version, I guess.

modehema

When I did my scan, here is the result:
/pentest/web/wpscan-1.0/lib/discover.rb:138:in `theme_name’: uninitialized constant Discover::Typhoeus (NameError)
from ./wpscan.rb:245:in `’

What does that mean?
I think there is some error.
What can I do to fix this?

Silentplay3r

Dear Modehema

Can you provide us the output of ( To check version )
ruby
gem

Also are you using BackTrack Linux? Which version?

Mizero

Can WPScan be used on Windows? If so, can you
tell me how? It would be useful information.

Anon

I have installed everything that I need to install but at the end of installing wpscan I put this cd wpscan in Terminal but it doesn’t do anything but gives an error? No such file or directory.

Anon

Ok never mind I figured it out :D

Anon

What if there is no admin? I have found about seven names but none of them are admin? It took around 24 hours for the password brute but didn’t give a password for the first name that was on the list?

Chris

Hi,
first of all thanks for this great instruction! I have only one problem: every time I tried to brute the password of my blog I get “ERROR: We recieved an unknown response…”
Do you have a solution for this?
Best!

Syed Alam

@Chris, make sure you have internet working in the terminal. Are you able to browse elinks google.com?

Neno

Hi, I have the same problem. I have installed elinks and still have the same problem.

Syed Alam

Neno,

elinks is used to browse websites in the shell. It isn’t required by WPScan.

Maruf Alam
Syed Alam

Which version of ruby and gem are you using?

Maruf Alam

Last version bro@Sayed

hi

Hello folks,
I am looking for username.lst but I cannot find it. Please help if you know about it.
I want to download it and use it to crack WP usernames.

W.K

Hello,

I want to hack http://www.—.wordpress.com but its not going at right side, it shows an error. I did all commands correctly. Is there any other method to deface that blog or to access its admin panel? Its urgent please!

joker

[ERROR] The file “darkc0de.lst” does not exist

It appears when I test this tool.
How can I solve it?

Syed Alam

Joker
run these commands in the wpscan folder.
wget http://static.hackersgarage.com/darkc0de.lst.gz
gunzip darkc0de.lst.gz

carson

Would you consider updating this blog post, or creating a second post that goes over how to install this now that the code has matured past v1.0?

Daniel

I have a small question, I ran wpscan using the command:

ruby ./wpscan.rb –url somesite.com –wordlist darkc0de.lst –threads 50

I got the results:

[SUCCESS] Username:******** Password:/.,
[SUCCESS] Username:******** Password:/.,mnb
[SUCCESS] Username:******** Password:/.,mn
[SUCCESS] Username:******** Password:/.,m
[SUCCESS] Username:******** Password:/.,mn
[SUCCESS] Username:******** Password:/.,m
[SUCCESS] Username:******** Password:/.,
[SUCCESS] Username:******** Password:/.,mnb
[SUCCESS] Username:******** Password:/M/1
[SUCCESS] Username:******** Password:.plan

But none of the passwords worked even though they returned as success.

Why does this happen?

just me

Dud i wanna hack a website mela.pk please do it now, pleaseeee

Baris

I get this error…

ERROR: We recieved an unknown response for 012i0lid43
ERROR: We recieved an unknown response for 012i0n
ERROR: We recieved an unknown response for 012din87319
.
.
.

am-bd

can i use this in windows? pls tell, or if not then is there any way to do this in windows?

Syed Alam

yes ‘Unofficially WPScan supports it.’
From WPScan readme file, it says :

Installing on Windows: (not tested)
gem install typhoeus
gem install nokogiri
gem install json

mark

I got this error when I'm trying to brute force

/pentest/web/wpscan-1.0/lib/bruter.rb:41:in `brute’: undefined method `disable_memoization’ for # (NoMethodError)
from wpscan.rb:369:in `’

please help
