[Tool] Wordpress scanner - wpscan

WPScan is a black box WordPress vulnerability scanner

Repository : https://github.com/wpscanteam/wpscan

Install

Prerequisites

• Ruby >= 2.1.9 - Recommended: 2.3.3
• Curl >= 7.21 - Recommended: latest - FYI the 7.29 has a segfault
• RubyGems - Recommended: latest
• Git

Installing with RVM (recommended)

If you are using GNOME Terminal, there are some steps required before executing the commands. See here for more information: https://rvm.io/integration/gnome-terminal#integrating-rvm-with-gnome-terminal

# Install all prerequisites for your OS (look above) cd ~ curl -sSL https://rvm.io/mpapis.asc | gpg --import - curl -sSL https://get.rvm.io | bash -s stable source ~/.rvm/scripts/rvm echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc rvm install 2.3.3 rvm use 2.3.3 --default echo "gem: --no-ri --no-rdoc" > ~/.gemrc gem install bundler git clone https://github.com/wpscanteam/wpscan.git cd wpscan gem install bundler bundle install --without test

 

Usage

Update WPScan's databases...

ruby wpscan.rb --update

Do 'non-intrusive' checks...

ruby wpscan.rb --url www.example.com --random-agent

Run all enumeration tools...

ruby wpscan.rb --url www.example.com --enumerate --random-agent

Use custom content directory...

 

ref) we have to use "--random-agent" option because of Semantec