WPScan – WordPress Security Scanner


What is WPScan?

WPScan is a wonderful and super fast WordPress vulnerability scanner written in Ruby, sponsored by RandomStorm and hosted on Google Code. It gives you an easy way to assess WordPress blogs using black-box techniques.

You can find out the following about any WordPress blog using this Ruby application:

  • List of plugins
  • Name of theme
  • Brute forcing weak passwords for a specific user
  • Brute forcing (enumerating) usernames
  • Directory listings
  • Version details
  • Possible vulnerabilities.

How to Install WPScan?

Before you install WPScan, you have to install a number of dependencies required by this tiny Ruby application. By the way, I am using BackTrack 5 Linux.

Dependencies:

apt-get install libcurl4-gnutls-dev
gem install --user-install mime-types
gem install --user-install xml-simple
gem install --user-install typhoeus

WPScan Installation:

cd /pentest/web/
wget http://wpscan.googlecode.com/files/wpscan-1.0.zip
unzip wpscan-1.0.zip
cd wpscan

How to use WPScan?

It is almost done. One more thing we need is to download a wordlist that will be used for brute forcing.

wget http://static.hackersgarage.com/darkc0de.lst.gz
gunzip darkc0de.lst.gz

Example usage of this application:

Do ‘non-intrusive’ checks…
ruby ./wpscan.rb --url www.hackersgarage.com

Do wordlist password brute force on enumerated users using 50 threads…
ruby ./wpscan.rb --url www.hackersgarage.com --wordlist darkc0de.lst --threads 50

Do wordlist password brute force on the ‘admin’ username only…
ruby ./wpscan.rb --url www.hackersgarage.com --wordlist darkc0de.lst --username admin

Generate a new ‘most popular’ plugin list, up to 150 pages…
ruby ./wpscan.rb --generate_plugin_list 150

Enumerate installed plugins (this mode also needs the --url of the target)…
ruby ./wpscan.rb --url www.hackersgarage.com --enumerate p
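The scans above leave a recognisable footprint in the target's web server logs, which is what a WordPress site owner should watch for. The Ruby script below is an added example, not part of this post or of WPScan itself: it assumes Apache combined-format logs, and that plugin enumeration shows up as 404s under /wp-content/plugins/, user enumeration as ?author=N requests, and the password brute force as bursts of POSTs to wp-login.php; it runs over constructed sample lines.

```ruby
# Apache "combined" log format; the sample lines further down are constructed to match it.
LOG_RE = /\A(?<ip>\S+) \S+ \S+ \[[^\]]+\] "(?<method>[A-Z]+) (?<path>\S+) [^"]*" (?<status>\d{3}) \S+ "[^"]*" "(?<ua>[^"]*)"/
def parse_line(line)
  m = LOG_RE.match(line) or return nil
  { ip: m[:ip], method: m[:method], path: m[:path], status: m[:status].to_i, ua: m[:ua] }
end

# Behaviour each scan mode leaves behind (assumption, not from the post): plugin enumeration gives 404s under /wp-content/plugins/, user enumeration hits ?author=N, password brute force POSTs to wp-login.php.
def classify(e)
  return :plugin_probe_404 if e[:path].start_with?('/wp-content/plugins/') && e[:status] == 404
  return :author_probe     if e[:path] =~ /[?&]author=\d+/
  return :login_post       if e[:method] == 'POST' && e[:path].start_with?('/wp-login.php')
  nil
end

# Per-client counters, plus hits on a self-identifying User-Agent (easily changed, so only a bonus signal).
def wp_scan_indicators(lines)
  counts = Hash.new { |h, k| h[k] = Hash.new(0) }
  lines.each do |line|
    e = parse_line(line) or next
    counts[e[:ip]][:wpscan_ua] += 1 if e[:ua] =~ /wpscan/i
    kind = classify(e) or next
    counts[e[:ip]][kind] += 1
  end
  counts
end

# Flag clients over the thresholds; tune them to the site's normal 404 and login volume.
def flag_scanners(lines, plugin_404s: 5, login_posts: 5, author_probes: 3)
  wp_scan_indicators(lines).each_with_object({}) do |(ip, c), flagged|
    reasons = []
    reasons << :plugin_enumeration if c[:plugin_probe_404] >= plugin_404s
    reasons << :login_bruteforce   if c[:login_post] >= login_posts
    reasons << :user_enumeration   if c[:author_probe] >= author_probes
    reasons << :wpscan_user_agent  if c[:wpscan_ua] > 0
    flagged[ip] = reasons unless reasons.empty?
  end
end

# Constructed sample traffic: one scanner-like client (203.0.113.7) and one ordinary visitor.
SAMPLE_LOG = (1..6).map { |i|
  "203.0.113.7 - - [10/Oct/2000:13:55:#{36 + i} -0700] \"GET /wp-content/plugins/plugin#{i}/ HTTP/1.1\" 404 210 \"-\" \"WPScan v1.0\""
} + (1..3).map { |i|
  "203.0.113.7 - - [10/Oct/2000:13:56:0#{i} -0700] \"GET /?author=#{i} HTTP/1.1\" 301 0 \"-\" \"WPScan v1.0\""
} + [
  "198.51.100.4 - - [10/Oct/2000:13:57:01 -0700] \"GET /2011/05/post/ HTTP/1.1\" 200 5120 \"-\" \"Mozilla/5.0\"",
  "198.51.100.4 - - [10/Oct/2000:13:57:02 -0700] \"POST /wp-login.php HTTP/1.1\" 302 0 \"-\" \"Mozilla/5.0\""
]

puts flag_scanners(SAMPLE_LOG).inspect
```

Pipe a real access_log through File.foreach into flag_scanners to run it on live data; the single login POST from the ordinary visitor stays below the threshold and is not flagged.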

Still having trouble with the configuration? Ask in the comments.