WPScan WordPress Security Scanner is a free tool that can be installed on Linux and Windows systems. It lets users check a WordPress blog or website for security issues. This means the user can scan any WordPress-based website to find issues such as vulnerabilities in core files, plugins, and themes; weak passwords; whether HTTPS is enabled; header items; plus checks for debug.log files, wp-config.php backup files, whether XML-RPC is enabled, code repository files, default secret keys, exported database files and more. However, to get vulnerabilities in the results, we need to add a WPScan API key, which is free to generate and provides 25 scans daily.
Furthermore, WPScan is also available as a plugin that installs directly on the WordPress backend, where users can operate it through its GUI dashboard. If you don't want to use the WPScan plugin, the CLI tool can be used instead.
Let's see the commands to install this WordPress vulnerability scanner (WPScan) on Ubuntu, Debian, Kali Linux, Linux Mint, or other similar operating systems.
Before installing any application or tool, first run the system update command.
WPScan is available to install from RubyGems, so let's install Ruby and the other required dependencies on our Ubuntu system.
Finally, use Ruby's gem command to download and install the WPScan packages on your system.
Once the installation is complete, let's check its version.
To see the various commands and flags that can be used with WPScan, open the help section.
Now, if you want to use this command-line tool to scan a WordPress website for security issues and other details, run it with the following syntax:
By default, this security tool will not include vulnerabilities in the results; to get them, we have to generate an API key. Go to the official website and select the free plan to register.
Copy the API key and use it in the following way with the command:
Note: Replace the your-api-key text in the above command with the key you have generated.
WPScan offers three detection modes: passive, aggressive, and mixed. In passive mode, the tool sends few requests to the server and only scans the homepage of a website for common security issues. It is a good choice if you think the server won't be able to handle a large number of requests.
In aggressive mode, WPScan runs a more powerful, intrusive scan and sends hundreds of requests to the server to find vulnerabilities, if any, in all WordPress plugins.
Mixed mode, which is the default in WPScan, combines the aggressive and passive modes to provide a balanced scan.
So, if you want to override the default mixed mode with either of the other two, use the --detection-mode option in the command:
For example:
To enumerate various items of WordPress, we can use the options given below with the -e flag.
For example, to list all plugins with known vulnerabilities, use the vp option from the above list along with the -e flag.
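The options covered so far (target URL, API key, detection mode and -e enumeration) can be combined in one small wrapper for auditing a site you administer. This is an added example, not a command from the original article: the scan_site function name, the WPSCAN_API_TOKEN variable and the sample URL are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the original article): wrapper for scanning a
# WordPress site you administer. scan_site and WPSCAN_API_TOKEN are names
# chosen for this example; the wpscan flags are the ones discussed above.

# Usage: scan_site URL [passive|aggressive|mixed] [ENUM_OPTION]
# The body runs in a subshell "( ... )" so nothing leaks into the caller.
scan_site() (
    url="$1"
    mode="${2:-mixed}"   # mixed is WPScan's default detection mode
    enum="${3:-vp}"      # vp = plugins with known vulnerabilities

    case "$url" in
        http://*|https://*) ;;
        *) echo "error: URL must start with http:// or https://" >&2; exit 2 ;;
    esac

    case "$mode" in
        passive|mixed) ;;
        aggressive)
            echo "note: aggressive mode sends hundreds of requests" >&2 ;;
        *) echo "error: unknown detection mode '$mode'" >&2; exit 2 ;;
    esac

    set -- --url "$url" --detection-mode "$mode" -e "$enum"

    # Read the API key from the environment so it is not typed into the
    # command (and saved in shell history) on every run.
    if [ -n "${WPSCAN_API_TOKEN:-}" ]; then
        set -- "$@" --api-token "$WPSCAN_API_TOKEN"
    else
        echo "note: WPSCAN_API_TOKEN is not set; no vulnerability data" >&2
    fi

    wpscan "$@"
)

# Example call (constructed URL):
#   export WPSCAN_API_TOKEN=your-api-key
#   scan_site https://blog.example.com passive vp
```

The key is still passed to wpscan as an argument, so it is visible in the local process list while the scan runs.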
To run the scan in hidden mode so that a web application firewall cannot detect WPScan, one can try the --random-user-agent and --stealthy options.
This was a quick tutorial and introduction to installing WPScan on Ubuntu 20.04 and other similar Linux distros. To learn more about this tool, you can check out its GitHub page and documentation.