If you’re comfortable at the CLI, WPScan is super easy to get going.
Installation on a Mac is a piece of cake. Other methods and operating systems are documented on Github.
$ git clone https://github.com/wpscanteam/wpscan.git $ cd wpscan $ bundle install --without test
The first time you run
wpscan.rb, you’ll be prompted to update the vulnerability database.
$ ./wpscan.rb [i] It seems like you have not updated the database for some time. [?] Do you want to update now? [Y]es [N]o [A]bort, default: [N]Y [i] Updating the Database ... [i] Update completed.
To scan your own site, simply pass the
$ ./wpscan.rb --url https://ma.ttias.be ... [+] robots.txt available under: '/robots.txt' [!] The WordPress '/readme.html' file exists exposing a version number [+] Interesting header: SERVER: nginx [+] XML-RPC Interface available under: /xmlrpc.php ... [+] WordPress version 4.x.x identified from meta generator ... [+] Enumerating plugins from passive detection ... | 9 plugins found: ... [+] Finished: Sun May 10 16:19:35 2015 [+] Requests Done: 126 [+] Memory used: 20.738 MB [+] Elapsed time: 00:00:12
It enumerates all known themes and plugins, detects the WordPress version and gives you a nice summary. In my case, I still had to remove a
readme.html file that exposes the version number.
If it happens to find a known vulnerability, you’ll be notified in the output. Like the example below:
... [!] Title: Jetpack <= 3.5.2 - DOM Cross-Site Scripting (XSS) Reference: https://wpvulndb.com/vulnerabilities/7964 Reference: https://blog.sucuri.net/2015/05/jetpack-and-twentyfifteen-vulnerable-to-dom-based-xss-millions-of-wordpress-websites-affected-millions-of-wordpress-websites-affected.html
This was from an old WordPress I had lying around that hadn’t been updated in a while.
Very useful tool, I would recommend it to everyone to at least scan your own site once!