[Tool] Wordpress scanner - wpscan 본문


[Tool] Wordpress scanner - wpscan

dokydoky 2017. 8. 9. 15:45

WPScan is a black box WordPress vulnerability scanner

Repository : https://github.com/wpscanteam/wpscan



  • Ruby >= 2.1.9 - Recommended: 2.3.3
  • Curl >= 7.21 - Recommended: latest - FYI the 7.29 has a segfault
  • RubyGems - Recommended: latest
  • Git

Installing with RVM (recommended)

If you are using GNOME Terminal, there are some steps required before executing the commands. See here for more information: https://rvm.io/integration/gnome-terminal#integrating-rvm-with-gnome-terminal

# Install all prerequisites for your OS (look above)
cd ~
curl -sSL https://rvm.io/mpapis.asc | gpg --import -
curl -sSL https://get.rvm.io | bash -s stable
source ~/.rvm/scripts/rvm
echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc
rvm install 2.3.3
rvm use 2.3.3 --default
echo "gem: --no-ri --no-rdoc" > ~/.gemrc
gem install bundler
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
gem install bundler
bundle install --without test



Update WPScan's databases...

ruby wpscan.rb --update

Do 'non-intrusive' checks...

ruby wpscan.rb --url www.example.com --random-agent

Run all enumeration tools...

ruby wpscan.rb --url www.example.com --enumerate --random-agent

Use custom content directory...


ref) we have to use "--random-agent" option because of Semantec