What is WPScan?
WPScan is wonderful and super fast wordpress vulnerability scanner written in ruby language, sponsored by RandomStorm and hosted by Googlecode. It provides you an easy way to penetrate wordpress blogs using blackbox techniques.
You can find the following stuff about any wordpress blog using this ruby application:
- List of plugins
- Name of theme
- Bruce forcing Weak Password for specific user
- Brute force username
- Directory listings
- Version details
- Possible vulnerabilities.
How to Install WPScan?
Before you install WPScan, you have to install number of dependencies essential by this tiny ruby application. BTW i am using BackTrack5 Linux.
Dependencies :
apt-get install libcurl4-gnutls-dev
gem install --user-install mime-types
gem install --user-install xml-simple
gem install --user-install typhoeus
WPScan Installation :
cd /pentest/web/
wget http://wpscan.googlecode.com/files/wpscan-1.0.zip
unzip wpscan-1.0.zip
cd wpscan
How to use WPScan?
It is almost cooked. One more thing we need here; is to download keywords database which will be used for brute forcing.
wget http://static.hackersgarage.com/darkc0de.lst.gz
gunzip darkc0de.lst.gz
Example usage of this ant application :
Do ‘non-intrusive’ checks…
ruby ./wpscan.rb --url www.hackersgarage.com
Do wordlist password brute force on enumerated users using 50 threads…
ruby ./wpscan.rb --url www.hackersgarage.com --wordlist darkc0de.lst --threads 50
Do wordlist password brute force on the ‘admin’ username only…
ruby ./wpscan.rb --url www.hackersgarage.com --wordlist darkc0de.lst --username admin
Generate a new ‘most popular’ plugin list, up to 150 pages…
ruby ./wpscan.rb --generate_plugin_list 150
Enumerate instaled plugins…
ruby ./wpscan.rb --enumerate p
Still in trouble with configuration ? Ask in comments.
28 replies on “WPScan – WordPress Security Scanner”
its cool, and in want to try first..
need your help if i have a problem
Andrie
Anytime 🙂
You can send your suggested topics on tips at hackersgarage.com
I use this command but show error
Command :
ruby ./wpscan.rb –url http://www. ruby ./wpscan.rb –url http://www.dhakaeducationboard.gov.bd/wp-login.php –wordlist darkc0de.lst –username admi
dhakaeducationboard.gov.bd/wp-login.php –wordlist darkc0de.lst –username admi
Error :
./wpscan.rb:143: uninitialized constant GetoptLong (NameError)
@Python
You might be running an old version of Ubuntu,
FIX is simply add the line to the file /usr/bin/gem
require 'rubygems/gem_runner'after
require 'rubygems'Issue is fixed in new version i guess.
when id my scan here is the result
/pentest/web/wpscan-1.0/lib/discover.rb:138:in `theme_name’: uninitialized constant Discover::Typhoeus (NameError)
from ./wpscan.rb:245:in `’
what is that mien ?
i think there is some error
what can i do 2 fix this
Dead Modehema
Can you provide us the output of ( To check version )
rubygemAlso are you using BackTrack Linux? Which version?
can Wpscan be used on iwindows if so can you
tell me how it would be a usefull information
I have installed everything that I need to install but at the end of installing wpscan I put this cd wpscan in Terminal but it doesn’t do anything but gives an error? No such file or directory.
Ok never mind I figured it out 😀
What if there is no admin? I have found about seven names but none of them are admin? It took around 24 hours for the password brute but didn’t give a password for the first name that was on the list?
Hi,
first of all thanks for this great instruction! I have only one problem, every time i tried to brute the password of my blog i get “ERROR: We recieved an unknown response…”
Do you have a solution for this?
Best!
@Chris, make sure you have internet working on terminal. Are you able to browse
elinks google.comHi, I have same problem, i have instaled elinks and still same problem
Neno,
elinks is use to browse website on shell. It isn’t require by WPScan
Fucking Error!http://i.imgur.com/kYpJb.png🙁 🙁
which version are you using of ruby and gem?
Last version bro@Sayed
hello folks
i am looking for username.lst but i can not find please help if you know about it..
i want download it and use it for crack wp username
Hello,
I want to hack http://www.—.wordpress.com but its not going at right side, it shows an error. I did all commands correctly. Is there any other method to deface that blog or to access its admin panel? Its urgent please!
[ERROR] The file “darkc0de.lst” does not exist
It appear when i test this tool
how can i solve
Joker
run these commands wpscan folder.
wget http://static.hackersgarage.com/darkc0de.lst.gzgunzip darkc0de.lst.gz
Would you consider updating this blog post, or creating a second post that goes over how to install this now that the code has matured past v1.0?
I have a small question, I ran wpscan using the command:
ruby ./wpscan.rb –url somesite.com –wordlist darkc0de.lst –threads 50
I got the results:
[SUCCESS] Username:******** Password:/.,
[SUCCESS] Username:******** Password:/.,mnb
[SUCCESS] Username:******** Password:/.,mn
[SUCCESS] Username:******** Password:/.,m
[SUCCESS] Username:******** Password:/.,mn
[SUCCESS] Username:******** Password:/.,m
[SUCCESS] Username:******** Password:/.,
[SUCCESS] Username:******** Password:/.,mnb
[SUCCESS] Username:******** Password:/M/1
[SUCCESS] Username:******** Password:.plan
But none of the passwords worked even thou they returned as success.
Why does this happen?
Dud i wanna hack a website mela.pk please do it now, pleaseeee
I get this error…
ERROR: We recieved an unknown response for 012i0lid43
ERROR: We recieved an unknown response for 012i0n
ERROR: We recieved an unknown response for 012din87319
.
.
.
can i use this in windows? pls tell, or if not then is there any way to do this in windows?
yes ‘Unofficially WPScan supports it.’
From WPScan readme file, it says :
Installing on Windows: (not tested)
gem install typhoeusgem install nokogiri
gem install json
i got this error when im trying to brute force
/pentest/web/wpscan-1.0/lib/bruter.rb:41:in `brute’: undefined method `disable_memoization’ for # (NoMethodError)
from wpscan.rb:369:in `’
please help