Web Penetration Testing Part 5 WPScan to scan WordPress website.

WPScan screenshot


WPScan:-


This tool is the same as Nikto it also scans website but it is specifically meant to scan Wordpress Sites to check vulnerabilities in Wordpress hosted sites. This tool comes with preinstalled into the Kali Linux.



To update this tool you can type:-


root@kali:~# wpscan --update 



to scan your target url 



root@kali:~# wpscan --url [target url]





Let's take a deep look into WPscan:-



1. enumerate vp

  
wpscan --url  yourtargeturl.com --enumerate vp


this will scan for vulnerable plugins or it will check that the plugins which are included are vulnerable or not.




2. enumerate vt


wpscan --url  yourtargeturl.com --enumerate vt


this will scan for vulnerability in the theme, yes themes are also vulnerable some times.


3. enumerate u


wpscan --url  yourtargeturl.com --enumerate u


this command is used to find usernames on the target website if you get username then you can perform a brute force attack to find out the password. 


To perform a brute force password attack on the target site then you can use a custom wordlist and can directly use wpscan to perform a brute force attack for you.

 
wpscan --url  yourtargeturl.com --wordlist passwords.txt threads 50




here --wordlist is used to specify the location of the wordlist it could be --wordlist /Desktop/password.txt threads 50

the speed of that attack will totally depend upon your internet speed and on your device performance.

If you are a website owner so its good opportunity to scan your website using this wpscan.


But if you didn't want someone to scan your website using WPScan then you can install some plugin to stop WPScan to scan your website or you can use Website FireWall to stop WPScan to scan your Website.

That's all about WPscan 

I hope that you have understood what is WPScan.

If you have any doubts regarding the above content then feel free to ask in the comment section.



The above content contains copyright ©Like null 

 

If you want to learn Web Penetration Testing then follow our course to it, and it is free of cost also.


Click Here to enroll.






Post a Comment

0 Comments