web application – cms wpscan

WPScan is a black box WordPress vulnerability scanner.


--url   | -u <target url>  The WordPress URL/domain to scan.

--force | -f Forces WPScan to not check if the remote site is running WordPress.

--enumerate | -e [option(s)]  Enumeration.
 option :
   u        usernames from id 1 to 10
   u[10-20] usernames from id 10 to 20 (you must write [] chars)
   p        plugins
   p!       only vulnerable plugins
   t        timthumbs
 Multiple values are allowed : '-e tp' will enumerate timthumbs and plugins
 If no option is supplied, the default is 'upt'

--follow-redirection  If the target url has a redirection, 
it will be followed without asking if you wanted to do so or not

--proxy  Supply a proxy in the format host:port 
(will override the one from conf/browser.conf.json)

--wordlist | -w <wordlist>  Supply a wordlist for the password bruter 
and do the brute.

--threads  | -t <number of threads>  The number of threads to use when 
multi-threading requests. (will override the value from conf/browser.conf.json)

--username | -U <username>  Only brute force the supplied username.

--help     | -h This help screen.

--verbose  | -v Verbose output.


Do ‘non-intrusive’ checks…

root@bt:/pentest/web/wpscan#ruby wpscan.rb --url http://www.example.com

Do wordlist password brute force on enumerated users using 50 threads…

ruby wpscan.rb --url http://www.example.com --wordlist darkc0de.lst --threads 50

Do wordlist password brute force on the ‘admin’ username only…

ruby wpscan.rb --url http://www.example.com --wordlist darkc0de.lst --username admin

Enumerate instaled plugins…

ruby wpscan.rb --url http://www.example.com --enumerate p

Run all enumeration tools…

ruby wpscan.rb --url http://www.example.com --enumerate



__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_| v1.1

WordPress Security Scanner by ethicalhack3r.co.uk
Sponsored by the RandomStorm Open Source Initiative

[?] An update is available. Update to rev 425? [y/n]

Updated to revision 425

root@bt:/pentest/web/wpscan#ruby wpscan.rb --url
[ERROR] no such file to load -- nokogiri
[TIP] Try to run 'gem install nokogiri' or 'gem install --user-install nokogiri'. If you still get an error, Please see README file or http://code.google.com/p/wpscan/

root@bt:/pentest/web/wpscan# gem install --user-install nokogiri

WARNING: You don't have /root/.gem/ruby/1.9.2/bin in your PATH,
gem executables will not run.
Building native extensions. This could take a while...
Successfully installed nokogiri-1.5.5
1 gem installed
Installing ri documentation for nokogiri-1.5.5...
Installing RDoc documentation for nokogiri-1.5.5...

root@bt:/pentest/web/wpscan#ruby wpscan.rb --url (Should now work)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s