Install WPScan WordPress Security Scanner on Ubuntu 20.04 LTS


WPScan is a free-to-use WordPress security scanner that can be installed on Linux and Windows systems. It lets users check a WordPress-based blog or website for security issues: vulnerabilities in core files, plugins, and themes; weak passwords; whether HTTPS is enabled; header items; and checks for debug.log files, wp-config.php backup files, enabled XML-RPC, code repository files, default secret keys, exported database files, and more. However, to get vulnerabilities in the results, we need to add a WPScan API key, which is free to generate and provides 25 scans daily.
Furthermore, WPScan is also available as a plugin that installs directly on the WordPress backend, where users can operate it via its GUI dashboard. If you don't want to use the WPScan plugin, the CLI tool can be used instead.

Let's see the commands to install this WordPress vulnerability scanner (WPScan) on Ubuntu, Debian, Kali Linux, Linux Mint, or other similar operating systems.
The first thing to do before installing any application or tool is to run the system update command:

WPScan is available to install from RubyGems, so let's install Ruby and the other required dependencies on our Ubuntu system:

Finally, use Ruby's gem command to download and install the WPScan packages on your system.

Once the installation is complete, let's check its version:

To see the various commands and flags that can be used with WPScan, open the help section.

Now, if you want to use this command-line tool to scan a WordPress website for security issues and other details, run the following syntax:

By default, this security tool will not include vulnerabilities in the results; to get them, we have to generate an API key. Go to the official website and select the free plan to register.

Copy the API key and use it with the command in the following way:
Note: Replace the your-api-key text in the above command with the key you have generated.

WPScan offers three detection modes: passive, aggressive, and mixed. In passive mode, the tool sends few requests to the server and only scans for common security issues on the homepage of a website. It is good to use if you think the server won't be able to handle a large pool of requests.
In aggressive mode, the intrusive scan run by WPScan is more powerful and sends hundreds of requests to the server to find vulnerabilities, if any, in all plugins of WordPress.
Mixed mode, which is the default in the WPScan tool, is a combination of the aggressive and passive modes and provides a balanced scan.
So, if you want to override the default mixed mode with either of the other two, use the --detection-mode option in the command.
For example:

To enumerate various items of a WordPress site, we can use the options given below with the -e flag.

For example, to list all plugins with known vulnerabilities, we use the vp option given in the above list along with the -e flag and detection mode:
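The scan options covered above (--url, --api-token, --detection-mode, -e), combined in a small wrapper that validates its input and keeps the API key out of anything it prints. This is an added example, not code from the original article; the function name wp_scan, the WP_API_KEY and DRY_RUN variables, and blog.example.com are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. The function name and the
# WP_API_KEY / DRY_RUN variables are hypothetical (wpscan does not read them);
# the wpscan flags are the ones the tutorial discusses.
# blog.example.com is a placeholder.

# wp_scan URL [MODE] [ENUM]
#   MODE: passive | aggressive | mixed (default: mixed, same as wpscan)
#   ENUM: value for -e, e.g. vp (plugins with known vulnerabilities)
wp_scan() {
    url=$1; mode=${2:-mixed}; enum=${3:-}
    case "$url" in
        http://?*|https://?*) ;;
        *) echo "error: URL must start with http:// or https://" >&2; return 2 ;;
    esac
    case "$mode" in
        passive|aggressive|mixed) ;;
        *) echo "error: mode must be passive, aggressive or mixed" >&2; return 2 ;;
    esac
    # Build the real argument list in "$@" and a printable copy in $shown.
    set -- --url "$url" --detection-mode "$mode"
    shown="wpscan $*"
    if [ -n "$enum" ]; then
        set -- "$@" -e "$enum"
        shown="$shown -e $enum"
    fi
    # Without a key wpscan still runs but returns no vulnerability data.
    if [ -n "${WP_API_KEY:-}" ]; then
        set -- "$@" --api-token "$WP_API_KEY"
        shown="$shown --api-token ****"   # never echo the key itself
    else
        echo "note: WP_API_KEY not set, vulnerability data will be missing" >&2
    fi
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$shown"
        return 0
    fi
    command -v wpscan >/dev/null 2>&1 || { echo "error: wpscan not found" >&2; return 127; }
    wpscan "$@"
}

# Example: DRY_RUN=1 wp_scan https://blog.example.com aggressive vp
```

Setting WP_API_KEY in the environment rather than typing the key into each command keeps it out of shell history, although it is still passed to wpscan as a command-line argument.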

To run the scan in hidden mode so that a web application firewall can't detect WPScan, one can try the --random-user-agent and --stealthy options.

This was a quick tutorial and introduction to installing WPScan on Ubuntu 20.04 and other similar Linux distros. To learn more about this tool, check out its GitHub page and documentation.

