Ethical Hacking — Wpscan Tool
Wpscan Tool
Wpscan is a tool used to scan WordPress websites. It is used in Kali Linux and scans for possible vulnerabilities such as outdated WordPress versions and vulnerable themes and plugins.
Before using wpscan to scan WordPress websites in Kali Linux, it is vital to ensure that wpscan is up to date. To do this, simply type
wpscan --update
This will update the wpscan tool to its latest version thus ensuring you can use all its features.
There are different types of enumeration filters for wpscan. These are:
u (for usernames)
p (for plugins)
vp (for vulnerable plugins)
t (for themes)
vt (for vulnerable themes)
at (for all themes)
tt (for timthumbs). Timthumbs are a major security risk, so it would be wise to ensure the website does not have to
ap (for all plugins)
To find all the users on a certain website, simply type the command wpscan --url yourwebsiteurl -e u. This enumerates all the users. If you wish to discover the password, it is possible through the brute-force method. The command is wpscan --url yourwebsiteurl --wordlist password.txt (WPScan 3.x names this option --passwords). This will find a possible password match for the user if there is one in the wordlist.
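From the site owner's side, the user enumeration and password guessing described above leave a recognisable trail in the web server's access log. The following is an added example, not part of the original post, that flags such clients in constructed log lines. It assumes combined log format, that enumeration appears as ?author=N or /wp-json/wp/v2/users requests, and that the scanner's default user agent contains "WPScan"; the function name find_scanners and the thresholds are illustrative.

```python
import re
from collections import defaultdict

# Combined log format: client IP, method, path and user agent are captured.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')
ENUM = re.compile(r'[?&]author=\d+|/wp-json/wp/v2/users')   # assumed user-listing probes
LOGIN = re.compile(r'^/(wp-login\.php|xmlrpc\.php)')        # endpoints that accept credentials

def find_scanners(log_text, enum_min=3, login_min=5):
    """Return {ip: [reasons]} for clients that look like user enumeration or password guessing."""
    stats = defaultdict(lambda: {"enum": 0, "login": 0, "ua": False})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        ip, method, path, agent = m.groups()
        s = stats[ip]
        s["enum"] += bool(ENUM.search(path))
        s["login"] += method == "POST" and bool(LOGIN.match(path))
        s["ua"] = s["ua"] or "wpscan" in agent.lower()
    findings = {}
    for ip, s in stats.items():
        reasons = []
        if s["enum"] >= enum_min:
            reasons.append("user-enumeration")
        if s["login"] >= login_min:
            reasons.append("password-guessing")
        if s["ua"]:
            reasons.append("wpscan-user-agent")
        if reasons:
            findings[ip] = reasons
    return findings

def _line(ip, method, path, agent):
    # Builds one constructed log line (sample data, not real traffic).
    return f'{ip} - - [19/Jun/2020:03:10:01 +0000] "{method} {path} HTTP/1.1" 200 512 "-" "{agent}"'

SCAN_UA, BROWSER_UA = "WPScan v3.x (constructed)", "Mozilla/5.0 (constructed)"
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "GET", f"/?author={n}", SCAN_UA) for n in (1, 2, 3)]
    + [_line("203.0.113.7", "POST", "/wp-login.php", SCAN_UA)] * 5
    + [_line("198.51.100.99", "POST", "/xmlrpc.php", BROWSER_UA)] * 6
    + [_line("192.0.2.44", "GET", "/?author=1", BROWSER_UA),
       _line("192.0.2.44", "POST", "/wp-login.php", BROWSER_UA)]
)

if __name__ == "__main__":
    for ip, reasons in find_scanners(SAMPLE_LOG).items():
        print(ip, ", ".join(reasons))
```

The third client in the sample views one author page and logs in once, so it stays below both thresholds and is not reported.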
Tags: Ethical Hacking
This entry was posted on Friday, June 19th, 2020 at 3:39 am and is filed under Database System -- Semester 3, Ethical Hacking -- Semester 4, Intelligent System -- Semester 4, Network Forensic -- Semester 5, Uncategorized.