Tuesday, July 28, 04:44

WPScan: How to detect vulnerabilities in your WordPress website

Millions of websites all over the world have been built with the well-known CMS WordPress. If your website is one of them, do you know about its vulnerabilities, and more specifically those related to WordPress itself? If you want to know how to keep your website safe from such attacks, keep reading.

The most popular WordPress security-checking tool is called WPScan and is a tool written in Ruby. You can use it to scan your website for vulnerabilities related to the core WordPress version, the plugins and also the themes you use. You can also detect weak passwords, enumerate users, and find security configuration issues. The database WPScan uses to find the above is hosted at the well-known site wpvulndb.com and is constantly updated.

How to install it?

WPScan is pre-installed on the following Linux distros:

Ubuntu Linux

To install it in an Ubuntu environment, first install the necessary dependencies:

sudo apt install libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev build-essential libgmp-dev zlib1g-dev

Then, if it is not already installed, install git and clone the git repository of WPScan:

sudo apt install git
git clone https://github.com/wpscanteam/wpscan.git

Complete the installation with the following commands:

cd wpscan
sudo gem install bundler
bundle install --without test development

Linux Debian

In a Debian environment, install the necessary dependencies, clone the git repository of WPScan and then install it:

sudo apt install git ruby ruby-dev libcurl4-openssl-dev make zlib1g-dev
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler
bundle install --without test development


If you would like to install WPScan in a Windows environment, follow these steps:

  1. Install Ruby
    1. Download the zip file containing the Ruby installer.
    2. Unzip the folder and run the file.
    3. Choose the language you want and accept the License Agreement.
    4. Select the installation folder (ideally C:\Ruby**).
  2. Install DevKit
    1. Download the DevKit for use with Ruby 2.0 and above.
    2. Unzip the folder and run the file (change the default path to C:\DevKit).
    3. Open the command prompt with administrator permissions.
    4. Navigate to the installation folder with cd C:\DevKit, and then execute the following commands to bind DevKit to Ruby:
ruby dk.rb init
ruby dk.rb install
  3. Install cURL
    1. Download the cURL tool from here and run the installation wizard.
    2. Make sure the C headers, lib and dll files are selected for installation during setup.
    3. Installation must be done in the path C:\Program Files (x86)\cURL.
    4. Check that the file libcurl.dll was successfully installed here: C:\Program Files (x86)\cURL\dlls
  4. Install WPScan
    1. Download the zip file containing the installer from here.
    2. Unzip the folder and run the file.
    3. Select the installation folder (C:\wpscan).
    4. Extract data.zip into the C:\wpscan folder to create C:\wpscan\data.
    5. Copy the libcurl.dll file to the path C:\Ruby22\bin.
  5. Install Ruby Gems
    1. Open the command prompt.
    2. Browse to C:\wpscan.
    3. Execute the following commands:
gem install bundler
gem install typhoeus
gem install rspec-its
gem install ruby-progressbar
gem install nokogiri
gem install terminal-table
gem install webmock
gem install simplecov
gem install rspec
gem install xml-simple
gem install yajl-ruby
gem install bundler && bundle install --without test

To start WPScan while in the C:\wpscan folder, run the following command:

ruby wpscan.rb

How to use it

Now let's look at some of the commands we can use with WPScan.

First, we can see all the available options by running wpscan --help:

root@kali-elena:~# wpscan --help
_______________________________________________________________

         WordPress Security Scanner by the WPScan Team
                         Version 3.6.3
       Sponsored by Sucuri - https://sucuri.net
   @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
_______________________________________________________________

Usage: wpscan [options]
        --url URL                  The blog URL to scan
                                   Allowed Protocols: http, https
                                   Default Protocol if none provided: http
                                   This option is mandatory unless update or help or hh or version is/are supplied
    -h, --help                     Display the simple help and exit
        --hh                       Display the full help and exit
        --version                  Display the version and exit
    -v, --verbose                  Verbose mode
        --[no-]banner              Whether or not to display the banner
                                   Default: true
    -o, --output FILE              Output to FILE
    -f, --format FORMAT            Output results in available format: cli-no-colour, cli-no-color, cli, json
        --detection-mode MODE      Default: mixed
                                   Available choices: mixed, passive, aggressive
        --user-agent, --ua VALUE
        --random-user-agent, --rua Use a random user-agent for each scan
        --http-auth login:password
    -t, --max-threads VALUE        The max threads to use
                                   Default: 5
        --throttle MilliSeconds    Milliseconds to wait before doing another web request. If used, the max threads will be set to 1.
        --request-timeout SECONDS  The request timeout in seconds
                                   Default: 60
        --connect-timeout SECONDS  The connection timeout in seconds
                                   Default: 30
        --disable-tls-checks       Disables SSL/TLS certificate verification
        --proxy protocol://IP:port Supported protocols depend on the cURL installed
        --proxy-auth login:password
        --cookie-string COOKIE     Cookie string to use in requests, format: cookie1=value1[; cookie2=value2]
        --cookie-jar FILE-PATH     File to read and write cookies
                                   Default: /tmp/wpscan/cookie_jar.txt
        --force                    Do not check if the target is running WordPress
        --[no-]update              Whether or not to update the Database
        --wp-content-dir DIR       The wp-content directory if custom or not detected, such as "wp-content"
        --wp-plugins-dir DIR       The plugins directory if custom or not detected, such as "wp-content/plugins"
    -e, --enumerate [OPTS]         Enumeration Process
                                   Available Choices:
                                    vp   Vulnerable plugins
                                    ap   All plugins
                                    p    Plugins
                                    vt   Vulnerable themes
                                    at   All themes
                                    t    Themes
                                    tt   Timthumbs
                                    cb   Config backups
                                    dbe  Db exports
                                    u    User IDs range. e.g: u1-5
                                         Range separator to use: '-'
                                         Value if no argument supplied: 1-10
                                    m    Media IDs range. e.g m1-15
                                         Note: The permalink setting must be set to 'Plain' for those to be detected
                                         Range separator to use: '-'
                                         Value if no argument supplied: 1-100
                                   Separator to use between values: ','
                                   Default: All Plugins, Config Backups
                                   Value if no argument supplied: vp,vt,tt,cb,dbe,u,m
                                   Incompatible choices (only one of each group/s can be used):
                                    - vp, ap, p
                                    - vt, at, t
        --exclude-content-based REGEXP_OR_STRING
                                   Exclude all responses matching the Regexp (case insensitive) during parts of the enumeration.
                                   Both the headers and the body are checked. Regexp delimiters are not required.
        --plugins-detection MODE   Use the supplied mode to enumerate Plugins, instead of the global (--detection-mode) mode.
                                   Default: passive
                                   Available choices: mixed, passive, aggressive
        --plugins-version-detection MODE
                                   Use the supplied mode to check plugin versions instead of the --detection-mode or --plugins-detection modes.
                                   Default: mixed
                                   Available choices: mixed, passive, aggressive
        --plugins-threshold THRESHOLD
                                   Raise an error when the number of detected plugins reaches the threshold through known locations. Set to 0 to ignore the threshold.
                                   Default: 100
        --themes-threshold THRESHOLD
                                   Raise an error when the number of detected themes reaches the threshold through known locations. Set to 0 to ignore the threshold.
                                   Default: 20
    -P, --passwords FILE-PATH      List of passwords to use during the password attack.
                                   If no --username/s option is supplied, user enumeration will run.
    -U, --usernames LIST           List of usernames to use during the password attack.
                                   Examples: 'a1', 'a1,a2,a3', '/tmp/a.txt'
        --multicall-max-passwords MAX_PWD
                                   Maximum number of passwords to send with XMLRPC multicall request
                                   Default: 500
        --password-attack ATTACK   Force the supplied attack to be used rather than automatically determining one.
                                   Available choices: wp-login, xmlrpc, xmlrpc-multicall
        --stealthy                 Alias for --random-user-agent --detection-mode passive --plugins-version-detection passive

[!] See full list of options to use --hh

The following command scans our website for vulnerabilities:

wpscan --url www.mysite.gr


If we want to test our site for vulnerable plugins, we need to use the --enumerate vp parameter:

wpscan --url www.mysite.gr --enumerate vp

We will see a lot of information in the results, and if there is a vulnerable plugin it will be flagged with a red exclamation mark. In that case we should update it immediately.

If we want to check for vulnerable themes, the --enumerate vt parameter will help:

wpscan --url www.mysite.gr --enumerate vt

We can also see the list of users and their permissions using the --enumerate u parameter:

wpscan --url www.mysite.gr --enumerate u
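Reading the scan output by eye works for one site, but for a scheduled check you want the report in a machine-readable form. As an added example (not part of the original article and not code from the WPScan project), the script below triages the JSON report that wpscan writes when you add -f json -o report.json to a scan like the ones above. The field names it reads (version, plugins, themes, users, vulnerabilities, fixed_in) are assumed from the shape of WPScan's JSON output, and the embedded report is constructed sample data, not a real scan.

```python
"""Triage a WPScan JSON report: list vulnerable components with the version
that fixes them, list enumerated users, and exit non-zero when anything
needs updating (so a cron job or CI step fails loudly)."""
import json
import sys
from typing import Any, Dict, List

# Constructed sample modelled on the shape of a WPScan JSON report, e.g. from:
#   wpscan --url www.mysite.gr --enumerate vp,vt,u -f json -o report.json
# The field names are assumptions for this example, not copied from a real scan.
SAMPLE_REPORT = """
{
  "version": {
    "number": "5.4.1",
    "vulnerabilities": [
      {"title": "Example core issue (constructed)", "fixed_in": "5.4.2"}
    ]
  },
  "plugins": {
    "contact-form-example": {
      "version": {"number": "1.0.0"},
      "vulnerabilities": [
        {"title": "Example plugin XSS (constructed)", "fixed_in": "1.0.1"}
      ]
    },
    "harmless-plugin": {"version": {"number": "2.3"}, "vulnerabilities": []}
  },
  "themes": {
    "example-theme": {
      "version": {"number": "3.1"},
      "vulnerabilities": [
        {"title": "Example theme file disclosure (constructed)", "fixed_in": null}
      ]
    }
  },
  "users": {"admin": {"id": 1}, "editor": {"id": 2}}
}
"""


def _component_findings(kind: str, slug: str, entry: Dict[str, Any]) -> List[Dict[str, str]]:
    """Turn one component entry (core, plugin or theme) into finding records.

    Plugins and themes carry their version under entry["version"]["number"];
    the core entry is itself the version object, so fall back to entry["number"]."""
    nested = entry.get("version") or {}
    version = nested.get("number") if isinstance(nested, dict) else None
    version = version or entry.get("number") or "unknown"
    found = []
    for vuln in entry.get("vulnerabilities") or []:
        found.append({
            "kind": kind,
            "slug": slug,
            "installed": str(version),
            # A vulnerability with no fixed_in has no patched release yet:
            # the component should be disabled or replaced, not just updated.
            "fixed_in": vuln.get("fixed_in") or "no fixed version listed",
            "title": vuln.get("title", ""),
        })
    return found


def triage(report_text: str) -> Dict[str, Any]:
    """Parse the JSON report and summarise what needs attention."""
    report = json.loads(report_text)
    findings: List[Dict[str, str]] = []
    findings += _component_findings("core", "wordpress", report.get("version") or {})
    for slug, entry in (report.get("plugins") or {}).items():
        findings += _component_findings("plugin", slug, entry)
    for slug, entry in (report.get("themes") or {}).items():
        findings += _component_findings("theme", slug, entry)
    users = sorted(report.get("users") or {})
    return {"findings": findings, "users": users, "needs_update": bool(findings)}


def format_summary(result: Dict[str, Any]) -> str:
    """Render the triage result in wpscan's own [!]/[i]/[+] line style."""
    lines = []
    for f in result["findings"]:
        lines.append(f"[!] {f['kind']} {f['slug']} {f['installed']}: "
                     f"{f['title']} (fixed in {f['fixed_in']})")
    if result["users"]:
        lines.append("[i] enumerated users: " + ", ".join(result["users"]))
    if not result["findings"]:
        lines.append("[+] no known vulnerabilities in the report")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python3 triage_wpscan.py report.json (falls back to the sample).
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    outcome = triage(text)
    print(format_summary(outcome))
    sys.exit(1 if outcome["needs_update"] else 0)
```

Run it as python3 triage_wpscan.py report.json after a scan; without an argument it triages the embedded sample. Because the exit code is non-zero whenever the core, a plugin or a theme has a known vulnerability, the script doubles as a simple scheduled check, and the enumerated user list is a reminder to review which accounts really need to exist.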


We look forward to your feedback. How did you find WPScan? Will you use it?

