Hacking websites with WPScan 🧐

WPScan is a powerful vulnerability scanner for analysing websites built using the WordPress platform. In this guide, we’ll explore the top commands that every ethical hacker needs to know to get the best from this tool.

Read this bit first

👉 I strongly condemn any illegal use of this material as is outlined in my legal disclaimer. There are plenty of responsible applications for this content, and it is here to inform ethical hackers, penetration testers, and anyone who is intrigued as to how systems are compromised. Remember the golden rule and THINK before you type. 👈

WordPress is one of the most popular content management systems (CMS) out there, powering more than 40% of all websites on the internet. With so many websites running on WordPress, it’s no surprise that it’s also a popular target for hackers. WPScan is a tool that allows ethical hackers to scan WordPress sites for vulnerabilities and weaknesses. In this blog post, we’ll explore the top eight WPScan commands that any ethical hacker needs to know to make the most of this powerful tool.

How to install WPScan

WPScan comes pre-installed on popular penetration testing distributions, including Kali Linux and Parrot OS. If you haven’t installed WPScan yet, you can do so by following these steps:

  1. Make sure you have Ruby installed on your system. WPScan requires Ruby version 2.5.0 or higher. You can check your Ruby version by running the command “ruby -v” in your terminal.
  2. Install the required Ruby gems by running the command “gem install bundler && bundle install” in your terminal.
  3. Download WPScan by visiting its GitHub page (https://github.com/wpscanteam/wpscan) and clicking the “Code” button, then selecting “Download ZIP.” Alternatively, you can clone the repository by running the command “git clone https://github.com/wpscanteam/wpscan.git” in your terminal.
  4. Extract the downloaded ZIP file (if applicable) and navigate to the extracted directory in your terminal.
  5. Run the command “ruby wpscan.rb --update” to update WPScan’s vulnerability database.

You’re now ready to start using WPScan!

To test that it’s working correctly, run the command “ruby wpscan.rb --url http://www.example.com” (replacing “http://www.example.com” with the URL of the site you want to scan). WPScan will perform a basic scan of the site and return any vulnerabilities or weaknesses it finds.

Note that WPScan is a command-line tool, meaning it doesn’t have a graphical user interface. If you’re not comfortable using the command line, there are several GUI front-ends available for WPScan, such as WPScan-GUI (https://github.com/PaulSec/wpscan_gui) and wpscan-batch (https://github.com/wpscanteam/wpscan-batch).

Remember to use WPScan ethically and only on sites you have permission to scan. Unethical use of WPScan can result in severe legal consequences.

When should WPScan be used?

WPScan should be used when you suspect the target’s website may be running WordPress. There are several ways of performing this check. The first is to inspect the source code of the target’s website and look for URLs that include /wp-content/, /wp-includes/ and other WordPress-generated paths and content. A more aggressive approach is to append /wp-admin/ to the target’s domain; however, this may trigger alarms depending on the security suite your target uses, assuming one exists at all.

Once you have WPScan installed on either Kali Linux or Parrot OS, the following eight commands cover some of its core features.

1) Specifying the target URL

The first and most basic WPScan command is “wpscan --url.” This option tells WPScan which site to scan. Replace the URL with the address of the site you want to scan. For example, if you wanted to scan a site called “www.example.com,” you would use the command “wpscan --url http://www.example.com.” This command will perform a basic scan of the site and return any vulnerabilities or weaknesses it finds.

    wpscan --url https://example.com

2) General Enumeration

The next command on our list is “wpscan --enumerate.” This option tells WPScan to enumerate the site and gather as much information as possible. Enumeration is the process of extracting information from a target system, and it’s a crucial step in the ethical hacking process. WPScan’s enumeration feature can uncover valuable information about a site, including its WordPress version, installed plugins, and active themes. Note that --enumerate always works alongside --url, which supplies the site to scan.

    wpscan --url https://example.com --enumerate

3) Enumerating usernames

The “u” in this command stands for “users.” Running “wpscan --enumerate u” will scan the site for user information, such as usernames and email addresses. This information can be used to launch targeted attacks, such as phishing or brute force attacks. It’s important to note that this command should only be used on sites you have permission to scan, as it can be a violation of privacy laws to gather user information without consent.

    wpscan --url https://example.com --enumerate u
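From the defender’s side, the same user enumeration leaves a recognisable trail in the web server’s access log. The Ruby script below is an added example, not code from the original post or from the WPScan project: it parses a few constructed combined-format log lines and flags clients that announce WPScan’s default User-Agent, step through /?author=N ids, or query the REST users endpoint. The sample IPs, version string and the two-probe threshold are assumptions.

```ruby
require 'set'

# Constructed combined-format access log lines (sample data, not real traffic).
SAMPLE_LOG = <<~LOG
  203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "GET / HTTP/1.1" 200 5123 "-" "WPScan v3.8.25 (https://wpscan.com/wordpress-security-scanner)"
  203.0.113.7 - - [10/Mar/2024:12:00:02 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "WPScan v3.8.25 (https://wpscan.com/wordpress-security-scanner)"
  203.0.113.7 - - [10/Mar/2024:12:00:02 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "WPScan v3.8.25 (https://wpscan.com/wordpress-security-scanner)"
  203.0.113.7 - - [10/Mar/2024:12:00:03 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 812 "-" "WPScan v3.8.25 (https://wpscan.com/wordpress-security-scanner)"
  198.51.100.9 - - [10/Mar/2024:12:00:05 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
  198.51.100.9 - - [10/Mar/2024:12:00:06 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
  198.51.100.9 - - [10/Mar/2024:12:00:07 +0000] "GET /?author=3 HTTP/1.1" 404 0 "-" "Mozilla/5.0"
  192.0.2.4 - - [10/Mar/2024:12:01:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
  192.0.2.4 - - [10/Mar/2024:12:01:30 +0000] "GET /about/ HTTP/1.1" 200 4420 "-" "Mozilla/5.0"
LOG

# One combined-format line: client IP, request path, status code, User-Agent.
LINE_RE = /\A(?<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?<path>\S+) [^"]*" (?<status>\d{3}) \S+ "[^"]*" "(?<ua>[^"]*)"\z/

def parse_line(line)
  m = LINE_RE.match(line.strip)
  m && { ip: m[:ip], path: m[:path], status: m[:status].to_i, ua: m[:ua] }
end

# Summarise per-client signals that match how WPScan enumerates users: its
# default User-Agent names the tool, it walks /?author=N looking for redirects
# to author pages, and it queries the REST users endpoint.
def enumeration_findings(log_text, author_threshold: 2)
  stats = Hash.new { |h, ip| h[ip] = { wpscan_ua: false, author_ids: Set.new, rest_users: 0 } }
  log_text.each_line do |line|
    req = parse_line(line) or next
    s = stats[req[:ip]]
    s[:wpscan_ua] = true if req[:ua].include?('WPScan')
    s[:author_ids] << $1.to_i if req[:path] =~ %r{\A/\?author=(\d+)}
    s[:rest_users] += 1 if req[:path].start_with?('/wp-json/wp/v2/users')
  end
  stats.each_with_object({}) do |(ip, s), out|
    reasons = []
    reasons << 'wpscan user-agent' if s[:wpscan_ua]
    reasons << "#{s[:author_ids].size} distinct ?author= probes" if s[:author_ids].size >= author_threshold
    reasons << 'REST users endpoint queried' if s[:rest_users] > 0
    out[ip] = reasons unless reasons.empty?
  end
end

if __FILE__ == $PROGRAM_NAME
  enumeration_findings(SAMPLE_LOG).each { |ip, why| puts "#{ip}: #{why.join(', ')}" }
end
```

A single /?author=1 hit from 192.0.2.4 stays below the threshold, so only the two clients that actually walk author ids are reported.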

4) Enumerating plugins

The “p” in this command stands for “plugins.” Running “wpscan --enumerate p” will scan the site for installed plugins and their versions. This information can be used to identify vulnerabilities in the plugins and launch targeted attacks. It’s important to keep plugins up to date to reduce the risk of attacks.

    wpscan --url https://example.com --enumerate p

5) Enumerating themes

The “t” in this command stands for “themes.” Running “wpscan --enumerate t” will scan the site for active themes and their versions. Like plugins, outdated themes can pose a security risk, so it’s important to keep them up to date.

    wpscan --url https://example.com --enumerate t

6) Enumerating vulnerable plugins

The “vp” in this command stands for “vulnerable plugins.” Running “wpscan --enumerate vp” will scan the site for vulnerable plugins. WPScan maintains a database of known vulnerabilities in WordPress plugins, and this command uses that database to identify plugins that are known to be vulnerable. This information can be used to prioritise patching and reduce the risk of attacks.

    wpscan --url https://example.com --enumerate vp

7) Enumerating vulnerable themes

The “vt” in this command stands for “vulnerable themes.” Running “wpscan --enumerate vt” will scan the site for vulnerable themes. Like the previous command, WPScan maintains a database of known vulnerabilities in WordPress themes, and this command uses that database to identify themes that are known to be vulnerable. This information can be used to prioritise patching and reduce the risk of attacks.

    wpscan --url https://example.com --enumerate vt
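To turn the vulnerable-plugin and vulnerable-theme findings from the two commands above into a patch list, WPScan can write its report as JSON (--format json). The Ruby script below is an added example, not code from the original post or from the WPScan project: it reads a constructed report whose key names (plugins, themes, version.number, vulnerabilities, fixed_in, references.cve) are assumed to match that format, with invented component names and placeholder CVE ids, and ranks each component by what the site owner should do first.

```ruby
require 'json'

# Constructed sample in the shape of a WPScan --format json report. Key names
# follow that format as assumed here; every value is invented, not a real scan.
SAMPLE_REPORT = <<~REPORT
  { "target_url": "https://example.com/",
    "plugins": {
      "legacy-forms": { "slug": "legacy-forms", "outdated": true, "latest_version": "3.1.0",
        "version": { "number": "2.4.0", "confidence": 80 },
        "vulnerabilities": [
          { "title": "legacy-forms < 2.5.0 - SQL Injection", "fixed_in": "2.5.0", "references": { "cve": ["CVE-XXXX-0001"] } },
          { "title": "legacy-forms < 3.0.0 - Stored XSS", "fixed_in": "3.0.0", "references": { "cve": ["CVE-XXXX-0002"] } } ] },
      "gallery-lite": { "slug": "gallery-lite", "outdated": false, "latest_version": "1.9.2", "version": null,
        "vulnerabilities": [ { "title": "gallery-lite < 1.8.0 - Arbitrary File Upload", "fixed_in": "1.8.0", "references": {} } ] },
      "seo-helper": { "slug": "seo-helper", "outdated": true, "latest_version": "5.0.1",
        "version": { "number": "4.9.0", "confidence": 100 }, "vulnerabilities": [] } },
    "themes": {
      "bizpress": { "slug": "bizpress", "outdated": false, "latest_version": "2.2.0",
        "version": { "number": "2.2.0", "confidence": 100 }, "vulnerabilities": [] } } }
REPORT

# Build a patch-priority list: components with known vulnerabilities and a
# detected version come first, then ones WPScan could not version (it lists
# every known issue for those), then merely outdated ones, then the rest.
def triage(report_json)
  report = JSON.parse(report_json)
  rows = []
  %w[plugins themes].each do |kind|
    (report[kind] || {}).each_value do |c|
      vulns = c['vulnerabilities'] || []
      version = c['version'] && c['version']['number']
      # Lowest release that closes every listed vulnerability, from fixed_in.
      needed = vulns.map { |v| v['fixed_in'] }.compact.map { |s| Gem::Version.new(s) }.max
      level, action =
        if !vulns.empty? && version.nil? then [1, 'confirm version: known issues, version not determined by scan']
        elsif !vulns.empty? then [0, "patch now: update to #{needed || c['latest_version']} or later"]
        elsif c['outdated'] then [2, "update: outdated (latest #{c['latest_version']})"]
        else [3, 'ok']
        end
      rows << { kind: kind.chomp('s'), slug: c['slug'], version: version || 'unknown',
                vuln_count: vulns.size, level: level, action: action,
                cves: vulns.flat_map { |v| (v['references'] || {}).fetch('cve', []) } }
    end
  end
  rows.sort_by { |r| [r[:level], -r[:vuln_count], r[:slug]] }
end

if __FILE__ == $PROGRAM_NAME
  triage(SAMPLE_REPORT).each { |r| puts "#{r[:kind]} #{r[:slug]} (#{r[:version]}): #{r[:action]}" }
end
```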

8) Enumerating passwords

The final command on our list is “wpscan --wp-config.” Running this command will attempt to locate and download the site’s wp-config.php file, which contains sensitive information such as the site’s database credentials. This information can be used by attackers to gain access to the site’s database and potentially compromise the entire site. By locating and securing this file, ethical hackers can reduce the risk of a successful attack.

    wpscan --url https://example.com --passwords wordlist.txt

In conclusion...

WPScan is a powerful tool for ethical hackers looking to identify vulnerabilities and weaknesses in WordPress sites. By using the top eight WPScan commands we’ve outlined in this blog post, you can perform a thorough scan of a site and gather valuable information that can be used to reduce the risk of attacks. However, it’s important to use this tool ethically and only on sites you have permission to scan. Using WPScan on sites without permission is illegal and can result in severe legal consequences. If you’re unsure whether you have permission to scan a site, it’s always best to err on the side of caution and obtain explicit permission from the site’s owner or administrator.

About Aitken Security

Aitken Security is a UK Cybersecurity Company specialising in offensive and defensive security.