WPScan is an invaluable tool for safeguarding your WordPress website against potential vulnerabilities. As cyber threats continue to evolve, performing regular scans with WPScan can help identify security weaknesses and protect your website from potential attacks.
In this blog post, we’ll provide you with a comprehensive WPScan cheat sheet that covers installation, basic scanning techniques, password brute-forcing, vulnerability scanning, plugin and theme analysis, output and reporting options, and more. Let’s dive in and unlock the power of WPScan to fortify your WordPress fortress.
Table of Contents
Installation
To begin using WPScan, you’ll need to install it on your system. Follow these steps for a smooth setup:
- Install WPScan on Debian based Linux (Debian, Ubuntu, etc)
sudo apt install wpscan- Install WPScan on macOS (via Brew)
brew install wpscanBasic Scanning
Utilize WPScan’s scanning capabilities to gather valuable information about your WordPress site:
- Scan a WordPress website:
wpscan --url https://example.com- Enumerate all installed plugins:
wpscan --url https://example.com --enumerate ap- Enumerate all themes:
wpscan --url https://example.com --enumerate at- Enumerate users:
wpscan --url https://example.com --enumerate u- Scan and enumerate plugins, themes & users in a single command:
wpscan --url https://example.com --enumerate ap,at,uPassword Brute-Forcing
- Perform a password attack on a specific username:
wpscan --url https://example.com --passwords passwords.txt --usernames admin- Perform a password attack using a list of usernames:
wpscan --url https://example.com --passwords passwords.txt --usernames users.txt- Perform a password attack with a custom password list:
wpscan --url https://example.com --passwords custom.txtVulnerability Scanning
- Enumerate All WordPress vulnerabilities:
wpscan --url https://example.com --enumerate vp,vt,vt- Enumerate vulnerable plugins:
wpscan --url https://example.com --enumerate vp- Enumerate vulnerable themes:
wpscan --url https://example.com --enumerate vt- Enumerate vulnerable timthumbs:
wpscan --url https://example.com --enumerate tt- Retrieve plugin and theme vulnerability data from WPVulnDB:
wpscan --url https://example.com --enumerate vp,vt,vt --api-token YOUR_API_TOKENWPScan offers a FREE API that allows up to 25 requests per day. If you need anything higher, you will need to contact their sales team.
Output and Reporting:
- Save scan results in a JSON file:
wpscan --url https://example.com --output example.json- In previous version you could export the report to HTML format, unfortunately that feature was deprecated and is no longer available.
Miscellaneous
- Update WPScan’s database:
wpscan --update- Use a custom user agent:
wpscan --url https://example.com --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3"Remember to use WPScan responsibly and always ensure you have proper authorization before scanning any website. Additionally, regularly update WPScan to benefit from the latest vulnerability checks and improvements.
CAN YOU LIST PLUGGINS FOR WPSCAN WE CAN INSTALL ON WPSCAN