1.Introduction on WPScan
WPScan is an open-source tool developed by WordPress, primarily utilized for scanning WordPress installations and websites powered by WordPress. It plays a crucial role in identifying vulnerabilities and issues within WordPress-powered websites. Let’s delve into the specific functionalities and capabilities of WPScan:
WPScan stands out as an advanced vulnerability scanner exclusively crafted for WordPress websites. Its unique ‘black box’ scanning method eliminates the need for access to website source code, making it a versatile tool for security assessments on remote WordPress sites.
The scanning process involves several key steps.
1.Full-Site Scan: WPScan conducts a comprehensive scan of the entire WordPress site, meticulously identifying all potential vulnerabilities and issues that may exist.
2.Check for Vulnerable Plugins and Themes: This feature specifically targets installed plugins and themes, scrutinizing them for any known vulnerabilities or outdated versions that could pose security risks.
3.User Enumeration Vulnerability Check: WPScan also checks if the website is susceptible to user enumeration, a critical security concern. If detected, measures are recommended to mitigate this vulnerability.
4.Information Leakage and Configuration Checks: WPScan verifies the security of WordPress and server configurations to ensure they do not inadvertently expose sensitive information that could be exploited by malicious actors.
5.Weak Password Detection: With its ability to test for weak passwords on user accounts, WPScan assists site owners in enforcing stronger password policies, thereby enhancing overall security.
6.XML-RPC and REST API Testing: This feature is particularly significant for sites using XML-RPC and REST APIs. WPScan evaluates their security posture, especially if these functionalities are unnecessary or potential entry points for attacks.
While WPScan is often associated with Linux distributions like Kali Linux and BlackArch, and while we can also install it in windows systems and other operating systems.
- Installation of WPScan in system
Before we jump into the installation steps, it’s essential to highlight an excellent resource for comprehensive WPScan user documentation. You can access it through https://wpscan.com/blog/wpscan-user-documentation/
This documentation covers a wide range of topics, from installation guides to in-depth usage instructions, making it an invaluable companion throughout your WPScan journey.
Step 1: Update System
Many Linux distributions, such as Kali Linux, come with WPScan pre-installed. If you’re using a Linux distribution where WPScan isn’t pre-installed, you can easily install it using package managers like APT. Here’s a quick overview of the installation process
Before installing any new software, it’s good practice to update your system’s package repository and installed packages to their latest versions. Open a terminal window and enter the following commands :
sudo apt update
sudo apt upgrade
Step 2: Install WPScan:
Once the repository is updated, you can install WPScan using:
sudo apt install wpscan
step 3: Verify Installation:
To verify that WPScan is installed correctly, run:
WPScan –version
You should see the version number of WPScan, confirming the installation.
WPScan on Windows and Other OS
While WPScan is primarily associated with Linux environments, it’s worth noting that it can also be installed on Windows and other operating systems. For Windows users interested in installing WPScan, refer to the official WPScan GitHub repository for detailed installation instructions. You can find the instructions for Windows installation
https://github.com/wpscanteam/wpscan#windows
Additionally, WPScan provides comprehensive user documentation that covers installation and usage across various platforms. You can access the official user documentation https://wpscan.com/blog/wpscan-user-documentation/ for detailed guides tailored to your specific operating system.
3.How to obtain WPScan API Key
To use the WPScan API key, you need to obtain the API key from the WPScan website. The API key allows you to access additional features and functionalities of WPScan, including enhanced scanning capabilities and advanced security assessments. Here’s how you can add the API key to your WPScan
Obtain WPScan API Key:
Visit the WPScan website and sign up for an account if you don’t have one.
Once logged in, navigate to the API section to get an API key. You will get API Key like this then copy
- And use in wpscan while scanning to access features.
Note : Don’t use above API key it’s already changed. Create your own API by sign-up to this url : https://wpscan.com/
- Scan in WPScan
Performing a scan with WPScan is straightforward:
- Install WPScan: Begin by installing WPScan on your system. It’s available for various platforms, including Linux, macOS, and Windows.
- Start Scan: Open your terminal and enter the command to start scanning your WordPress site. For example:
wpscan –url https://yourwebsite.com
Replace https://yourwebsite.com with your actual website URL.
Scan Results: WPScan will analyze your site and provide a detailed report highlighting
vulnerabilities, outdated plugins/themes, and other security issues.
- Specific Scans with WPScan (Vulnerable Themes & Plugins)
WPScan allows you to conduct targeted scans, focusing on specific areas such as vulnerable plugins and themes:
Vulnerable Plugins: To check for vulnerable plugins, use the command:
wpscan –url http://localhost:31337/ -e vp –api-token btq6sLdBpfZRs6inJzLJYXAtnVVbtzf6V8CpfeOJQHE
This command will list any plugins with known vulnerabilities.
Vulnerable Themes: Similarly, to identify vulnerable themes, use:
wpscan –url http://localhost:31337/ -e vt –api-token btq6sLdBpfZRs6inJzLJYXAtnVVbtzf6V8CpfeOJQHE
WPScan will reveal themes that pose security risks.
4. User enumeration in Using WPScan
User enumeration in WordPress is a method used by attackers to discover valid usernames, increasing the risk of unauthorized access. WPScan, a leading security tool, actively detects and alerts users about user enumeration vulnerabilities during scans. It also allows controlled username enumeration for thorough vulnerability assessments and offers customizable scans to target specific vulnerable areas. Combining WPScan’s capabilities with measures like enforcing strict username policies, enabling rate limiting, and conducting regular security audits strengthens WordPress
security against user enumeration threats, ensuring a resilient defense posture for your website.
Vulnerable Themes: Similarly, to identify vulnerable themes, use:
wpscan –url http://localhost:31337/ -e u –api-token btq6sLdBpfZRs6inJzLJYXAtnVVbtzf6V8CpfeOJQHE
User enumeration in through the error