WPScan Cheat Sheet

by Jul 12, 2023WordPress Security1 comment

Kinsta - Unlock 4 Months OFF Annual WordPress Plans

WPScan is an invaluable tool for safeguarding your WordPress website against potential vulnerabilities. As cyber threats continue to evolve, performing regular scans with WPScan can help identify security weaknesses and protect your website from potential attacks.

In this blog post, we’ll provide you with a comprehensive WPScan cheat sheet that covers installation, basic scanning techniques, password brute-forcing, vulnerability scanning, plugin and theme analysis, output and reporting options, and more. Let’s dive in and unlock the power of WPScan to fortify your WordPress fortress.

Table of Contents

Installation

To begin using WPScan, you’ll need to install it on your system. Follow these steps for a smooth setup:

  • Install WPScan on Debian based Linux (Debian, Ubuntu, etc)
sudo apt install wpscan
  • Install WPScan on macOS (via Brew)
brew install wpscan

Basic Scanning

Utilize WPScan’s scanning capabilities to gather valuable information about your WordPress site:

  • Scan a WordPress website:
wpscan --url https://example.com
  • Enumerate all installed plugins:
wpscan --url https://example.com --enumerate ap
  • Enumerate all themes:
wpscan --url https://example.com --enumerate at
  • Enumerate users:
wpscan --url https://example.com --enumerate u
  • Scan and enumerate plugins, themes & users in a single command:
wpscan --url https://example.com --enumerate ap,at,u

Password Brute-Forcing

  • Perform a password attack on a specific username:
wpscan --url https://example.com --passwords passwords.txt --usernames admin
  • Perform a password attack using a list of usernames:
wpscan --url https://example.com --passwords passwords.txt --usernames users.txt
  • Perform a password attack with a custom password list:
wpscan --url https://example.com --passwords custom.txt

Vulnerability Scanning

  • Enumerate All WordPress vulnerabilities:
wpscan --url https://example.com --enumerate vp,vt,vt
  • Enumerate vulnerable plugins:
wpscan --url https://example.com --enumerate vp
  • Enumerate vulnerable themes:
wpscan --url https://example.com --enumerate vt
  • Enumerate vulnerable timthumbs:
wpscan --url https://example.com --enumerate tt
  • Retrieve plugin and theme vulnerability data from WPVulnDB:
wpscan --url https://example.com --enumerate vp,vt,vt --api-token YOUR_API_TOKEN

WPScan offers a FREE API that allows up to 25 requests per day. If you need anything higher, you will need to contact their sales team.

Output and Reporting:

  • Save scan results in a JSON file:
wpscan --url https://example.com --output example.json
  • In previous version you could export the report to HTML format, unfortunately that feature was deprecated and is no longer available.

Miscellaneous

  • Update WPScan’s database:
wpscan --update
  • Use a custom user agent:
wpscan --url https://example.com --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3"

Remember to use WPScan responsibly and always ensure you have proper authorization before scanning any website. Additionally, regularly update WPScan to benefit from the latest vulnerability checks and improvements.

Kinsta - Unlock 4 Months OFF Annual WordPress Plans
5 1 vote
Article Rating
Subscribe
Notify of
guest
1 Comment
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
OLA
OLA
1 month ago

CAN YOU LIST PLUGGINS FOR WPSCAN WE CAN INSTALL ON WPSCAN

4 Free Tools To Scan WordPress For Security Vulnerabilities

4 Free Tools To Scan WordPress For Security Vulnerabilities

As the popularity of WordPress continues to grow, so does the need for robust security measures to protect your website from potential vulnerabilities. Fortunately, there are free tools available that can scan your WordPress site and identify security weaknesses.

In this blog post, we will explore four powerful tools that can help you fortify your WordPress fortress. Each tool is accompanied by an explanation, link, and screenshots, providing you with a comprehensive overview of their features and capabilities.

read more
What is the best WordPress security?

What is the best WordPress security?

In today’s digital landscape, protecting your WordPress website from potential threats is crucial. With cyberattacks on the rise, implementing robust security measures is paramount.

This blog post delves into the world of WordPress security, exploring the best practices and tools to fortify your online presence. Discover how you can keep your website secure and gain peace of mind in an increasingly interconnected world.

read more
Understanding How Passwords are Stored in WordPress

Understanding How Passwords are Stored in WordPress

Passwords serve as the first line of defense against unauthorized access to your website. As one of the most popular content management systems (CMS) in the world, WordPress takes the security of user passwords seriously.

In this article, we will delve into the inner workings of password storage in WordPress, exploring the mechanisms implemented to ensure the protection of user credentials.

read more
WordPress Password Manager SSO (Single Sign-On): Simplify Access, Enhance Security

WordPress Password Manager SSO (Single Sign-On): Simplify Access, Enhance Security

In today’s digital landscape, managing multiple usernames and passwords across various platforms can be a daunting task. That’s where Single Sign-On (SSO) comes in.

In this comprehensive blog article, we will delve into the world of WordPress Password Manager SSO, exploring its history, benefits, top plugins to implement SSO in a WordPress site, common implementation errors, and the importance of SSO in building a robust WordPress authentication strategy.

read more
Preventing WordPress Malware: A Guide for Web Development Agencies

Preventing WordPress Malware: A Guide for Web Development Agencies

WordPress powers a significant portion of the internet, making it an attractive target for hackers and malware infections. As a web development agency, it is crucial to prioritize website security and take proactive measures to prevent malware and hackers from compromising WordPress websites.

This comprehensive guide aims to provide web developers, web administrators, and marketing professionals with valuable insights and best security practices to safeguard WordPress websites against malware attacks.

read more
Buy me a Beer
Ad - Web Hosting from SiteGround - Crafted for easy site management. Click to learn more.
Sucuri - Complete end-to-end security