Monday, February 22, 02:18
Home security WPScan: How to detect vulnerabilities in your Wordpress website

WPScan: How to detect vulnerabilities in your WordPress website

WPScan: Millions websites all over the world have been created by the well known CMS a tool called WordPress. If your website is one of them, do you know about its vulnerabilities and more specifically those related to WordPress? If you want to know how to keep your website safe from such attacks, keep reading.

The most popular WordPress related troubleshooting tool is called WPScan and is a . tool written in Ruby. You can use it to scan your webiste for vulnerabilities related to the core WordPress version, plugins but also the themes you use. You can also detect weak passwords, users, and configuration issues security. The database used by WPScan to find the above is at the well known site wpvulndb.com and is constantly updated.

How to install it?

WPScan is pre-installed on the following Linux distos:

Ubuntu Linux

To install in Ubuntu environment first install the necessary dependencies:

sudo apt install libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev build-essential libgmp-dev zlib1g-dev

Then - if it's not already installed - install git to clone it gps repository of WPScan:

sudo apt install git
git clone https://github.com/wpscanteam/wpscan.git

Complete the installation with the following commands:

cd wpscan
sudo gem install bundler
bundle install –without test development

Linux Debian

In a debian environment, install the necessary dependencies, clone it gps repository of WPScan and then install it:

sudo apt install git ruby ​​ruby-dev libcurl4-openssl-dev make zlib1g-dev
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler
bundle install –without test development

 Windows

If you would like to install WPScan in a windows environment you should follow these steps:

  1. Install Ruby
    1. Download the zip file containing it installer of Ruby.
    2. Unzip the folder and run the file
    3. Choose the language you want and accept the License Agreement.
    4. Select the installation folder (ideally in path C: \ Ruby **)
  2. Install DevKit
    1. Download it DevKit for use with Ruby 2.0 and above.
    2. Unzip the folder and run the file (change the default path to C: \ DevKit)
    3. Open the command prompt with administrator permissions
    4. Navigate to the installation folder using the cd command C: \ DevKit, and then execute the following commands to complete DevKit binding with Ruby:
ruby dk.rb init
install ruby ​​dk.rb
  1. Install cURL
    1. Download the cURL tool from here and run the installation wizard.
    2. Make sure you have C headers, lib and dll files installed during setup.

WPScan WordPress

    1. Installation must be done in filepath C: \ Program Files (x86) \ cURL.
    2. Check that file libcurl.dll successfully installed here: C: \ Program Files (x86) \ cURL \ dlls
  1. Installing WPScan
    1. Download the zip file containing the installer from here.
    2. Unzip the folder and run the file
    3. Select the installation folder (C: \ wpscan)
    4. Extract the data.zip to the C: \ wpscan folder to create C: \ wpscan \ data
    5. Copy the libvurl.dll file to the filepath C: \ Ruby22 \ bin
  2. Install Ruby Gems
    1. Open the command prompt
    2. Browse to C: \ wpscan and
    3. Execute the following commands:
gem install bundler
gem install typhoeus
gem install rspec-its
gem install ruby-progressbar
gem install nokogiri
gem install terminal-table
gem install webmock
gem install simplecov
gem install rspec
gem install xml-simple
gem install yajl-ruby
gem install bundler && bundle install –without test

To start WPScan while in the C: \ wpscan folder, run the following command:

ruby wpscan.rb

How to use it

Now let's look at some of the commands we can use with WPScan.

Initially we can see all the possible options we have running wpscan –help

root @ kali-elena: ~ # wpscan --help _______________________________________________________________ __ _______ _____ \ \ / / __ \ / ____ | \ \ / \ / / | | __) | (___ ___ __ _ _ __ (r) \ \ / \ / / | ___ / \ ___ \ / __ | / _` | '_ \ \ / \ / | | ____) | (__ | (_ | | | | \ / \ / | _ | _____ / \ ___ | \ __, _ | _ | | _ | WordPress Security Scanner by the WPScan Team Version 3.6.3 Sponsored by Sucuri - https: //sucuri.net @_WPScan_, @ ethicalhack3r, @erwan_lr, @_FireFart_ _______________________________________________________________ Usage: wpscan [options] --url URL The URL of the blog to scan Allowed Protocols: http, https Default Protocol if none provided: http This option is mandatory unless update or help or hh or version is / are supplied -h, --help Display the simple help and exit --hh Display the full help and exit --version Display the version and exit -v, --verboseVerbose mode - [no-] banner Whether or not to display the banner Default: true -o, --output FILE Output to FILE -f, --format FORMAT Output results in the format supplied Available choices: cli-no-color , cli-no-color, cli, json --detection-mode MODE Default: mixed Available choices: mixed, passive, aggressive --user-agent, --ua VALUE --random-user-agent, --rua Use a random user-agent for each scan --http-auth login: password -t, --max-threads VALUE The max threads to use Default: 5 --throttle MilliSeconds Milliseconds to wait before doing another web request.  If used, the max threads will be set to 1.
         - request-timeout SECONDS The request timeout in seconds Default: 60 --connect-timeout SECONDS The connection timeout in seconds Default: 30 --disable-tls-checks Disables SSL / TLS certificate verification --proxy protocol: // IP: port Supported protocols depend on the cURL installed --proxy-auth login: password --cookie-string COOKIE Cookie string to use in requests, format: cookie1 = value1 [; cookie2 = value2] --cookie-jar FILE-PATH File to read and write cookies Default: /tmp/wpscan/cookie_jar.txt --force Do not check if the target is running WordPress - [no-] update Whether or not to update the Database --wp-content-dir DIR The wp-content directory if custom or not detected, such as "wp-content" --wp-plugins-dir DIR The plugins directory if custom or not detected, such as " wp-content / plugins "-e, --enumerate [OPTS] Enumeration Process Available Choices: vp Vulnerable plugins ap All plugins p Plugins vt Vulnerable themes at All themes t Themes tt Timthumbs cb Config backups dbe Db exports u User IDs range.  eg: u1-5 Range separator to use: '-' Value if no argument supplied: 1-10 m Media IDs range.  eg m1-15 Note: Permalink setting must be set to "Plain" for those to be detected Range separator to use: '-' Value if no argument supplied: 1-100 Separator to use between the values: ',' Default: All Plugins, Config Backups Value if no argument supplied: vp, vt, tt, cb, dbe, u, m Incompatible choices (only one of each group / s can be used): - vp, ap, p - vt, at, t --exclude-content-based REGEXP_OR_STRING Exclude all responses matching the Regexp (case insensitive) during parts of the enumeration.
                                                   Both the headers and the body are checked.  Regexp delimiters are not required.
         --plugins-detection MODE Use the supplied mode to enumerate Plugins, instead of the global (--detection-mode) mode.
                                                   Default: passive Available choices: mixed, passive, aggressive --plugins-version-detection MODE Use the supplied mode to check plugins versions instead of the --detection-mode or --plugins-detection modes.
                                                   Default: mixed Available choices: mixed, passive, aggressive --plugins-threshold THRESHOLD Raise an error when the number of detected plugins via known locations reaches the threshold.  Set to 0 to ignore the threshold.
                                                   Default: 100 --themes-threshold THRESHOLD Raise an error when the number of detected themes via known locations reaches the threshold.  Set to 0 to ignore the threshold.
                                                   Default: 20 -P, --passwords FILE-PATH List of passwords to use during the password attack.
                                                   If no --username / s option is supplied, user enumeration will run.
     -U, --usernames LIST List of usernames to use during the password attack.
                                                   Examples: 'a1', 'a1, a2, a3', '/tmp/a.txt' --multicall-max-passwords MAX_PWD Maximum number of passwords to send by request with XMLRPC multicall Default: 500 --password-attack ATTACK Force the supplied attack to be used rather than automatically determining one.

The following command will allow us to scan our website for vulnerabilities

wpscan –url www.mysite.gr

WordPress website

 If we want to test our site for a vulnerable plugin then we need to use the –enumerate vp parameter

wpscan –url www.mysite.gr –enumerate vp

We will see a lot of information from the results and in case there is a vulnerable plugin we will see it next to a red exclamation mark. In such a case we should proceed immediately Update.

If we want to check for sensitive themes, the -enumerate vt parameter will help.

wpscan –url www.mysite.gr –enumerate vt

We can also see the list of users and their permissions using the enumerate -u parameter

wpscan –url www.mysite.gr –enumerate u 

WPScan WordPress

We look forward to your feedback. How did you find WPScan? Will you use it?

 

LEAVE ANSWER

Please enter your comment!
Please enter your name here

stormi
stormi
Here's the crazy ones, the misfits, the rebels, the troublemakers ...

LIVE NEWS

How to make a Facetime Audio call

Tired of low quality cell phone calls? Thanks to FaceTime, you can make high-resolution calls if you use iPhone, iPad, ...

How to add special effects to Instagram messages

Did you know that you can make instant Instagram messages more impressive? Like any other Instagram feature, you can add special ...

Only 270 addresses are responsible for 55% of all money laundering

Cybercriminals who keep their money in cryptocurrencies tend to "launder" money through a small set of online services, according to ...

Twitter: Voice messages are coming! How do we send them?

Twitter will soon support voice messages in both iOS and Android applications. This means that you will be able to send ...

How to connect a Bluetooth headset to a Nintendo Switch

The Nintendo Switch has a headphone jack. However, most headphones have become wireless so you will need a way to connect them ...

How to hide your phone number in Telegram

If you wish to create a Telegram account, you must provide your telephone number. In this way, Telegram validates the ...

Google Assistant: How can you delete your recordings?

Google Assistant can make your daily life much easier. However, it also involves some privacy issues, as ...

Microsoft: Office 2021 / Office LTSC coming in the second half of 2021

Microsoft announced that the Microsoft Office Long Term Service Channel (LTSC) and Office 2021 will be released in 2021, for ...

How to quickly create QR codes with Bing

If you ever need to create a QR code, but you do not know how, Microsoft has an easy-to-use tool available in any program ...

Brave: Onion addresses leaked to DNS traffic

The Tor function included in the Brave web browser, allows users to access .onion dark web domains within ...