If you’re comfortable at the CLI, WPScan is super easy to get going.
The project is open source on Github and uses the WPScan Vulnerability Database, an open dataset of known WordPress vulnerabilities.
Installation on a Mac is a piece of cake. Other methods and operating systems are documented on Github.
$ git clone https://github.com/wpscanteam/wpscan.git $ cd wpscan $ bundle install --without test
The first time you run wpscan.rb, you’ll be prompted to update the vulnerability database.
$ ./wpscan.rb [i] It seems like you have not updated the database for some time. [?] Do you want to update now? [Y]es [N]o [A]bort, default: [N]Y [i] Updating the Database ... [i] Update completed.
To scan your own site, simply pass the --url parameter.
$ ./wpscan.rb --url https://ma.ttias.be ... [+] robots.txt available under: '/robots.txt' [!] The WordPress '/readme.html' file exists exposing a version number [+] Interesting header: SERVER: nginx [+] XML-RPC Interface available under: /xmlrpc.php ... [+] WordPress version 4.x.x identified from meta generator ... [+] Enumerating plugins from passive detection ... | 9 plugins found: ... [+] Finished: Sun May 10 16:19:35 2015 [+] Requests Done: 126 [+] Memory used: 20.738 MB [+] Elapsed time: 00:00:12
It enumerates all known themes and plugins, detects the WordPress version and gives you a nice summary. In my case, I still had to remove a readme.html file that exposes the version number.
If it happens to find a known vulnerability, you’ll be notified in the output. Like the example below:
...
[!] Title: Jetpack <= 3.5.2 - DOM Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/7964
Reference: https://blog.sucuri.net/2015/05/jetpack-and-twentyfifteen-vulnerable-to-dom-based-xss-millions-of-wordpress-websites-affected-millions-of-wordpress-websites-affected.html
This was from an old WordPress I had lying around that hadn’t been updated in a while.
Very useful tool, I would recommend it to everyone to at least scan your own site once!