WPScan -- Find Vulnerabilities in WordPress Websites on Kali Linux

WordPress is the leading CMS (Content Management System) in today's world. Tons of people build their websites with WordPress; to give an idea, WordPress powers over 75 million sites on the web. This is huge. Almost 37.8% of the internet is captured by WordPress.

But in the news we can see that many WordPress vulnerabilities are discovered. WPScan is a tool with which we can test WordPress websites for vulnerabilities. In today's tutorial we learn how to find bugs on WordPress websites using WPScan on our Kali Linux system.

WPScan comes pre-installed with Kali Linux 2020 versions. We can access it directly from our terminal. In our Kali Linux terminal we type the following command to see WPScan's help:

wpscan -h

The following screenshot shows us the help section of WPScan.

help menu of wpscan

Now we can scan our WordPress website with the WPScan tool using the --url flag. But we need to make sure that the website belongs to us or that we have legal permission to test it, because harming others' property (read: website) is a serious crime.

In this tutorial we use a locally hosted WordPress site, which is running on our own computer.

WordPress running on our localhost

Now, to scan this website or any other website, we need its URL or IP address. In our case the address is http://172.17.0.2. We run the following command to start the scan:

wpscan --url http://172.17.0.2

The following screenshot shows the command:

WPScan is asking for updates

In the above screenshot we can see that WPScan is asking for updates. We press Y for 'Yes', and if an update is available it will update itself and start scanning our given target. After the scan completes we get a result like the following screenshot:

scan result

In the above screenshot we can see that we got some vulnerabilities.

We did not use a WPVulnDB API token. However, we recommend using an API token from the official WPScan website. To create an API token we need to register on WPScan's website.

Then we need to create a free profile, and we get an API token for free. The free version is limited to 50 daily requests.

API token in WPScan

For security reasons we have partially hidden the API token.

Now we scan the target again, but this time with the API key. To do this we run the following command in our terminal window:

wpscan --url http://172.17.0.2 --api-token jvQK8QaynathmKeQzMQcWWQFWBQsjAnn6**OUR**API**

Now this scan will be performed with the API token.

Using WPScan we can get information about the vulnerabilities, with some details.

link of vulnerabilities

In the above screenshot we can clearly see the vulnerabilities and some links. If we navigate to a given link we can learn more about the vulnerability.

That is not all; there are many more options. WPScan is a very big tool. To check all its options and details we can use the following command:
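When the same scan is saved as a report (WPScan's --format json and --output options), the findings and their links can be turned into a patch list. The script below is an added example, not part of the original tutorial: the field layout of the report is an assumption to check against your own output, and the sample report, component names and URLs are constructed.

```python
import json

# Constructed sample; the field layout is an assumption about reports saved
# with `wpscan --url ... --format json --output report.json`.
SAMPLE_REPORT = json.loads("""
{
  "version": {"number": "5.4", "vulnerabilities": [
    {"title": "Constructed core issue", "fixed_in": "5.4.1",
     "references": {"url": ["https://example.com/advisory-1"]}}]},
  "main_theme": {"slug": "example-theme", "version": {"number": "1.0"},
                 "vulnerabilities": []},
  "plugins": {
    "example-plugin": {"version": {"number": "2.1"}, "vulnerabilities": [
      {"title": "Constructed plugin issue", "fixed_in": null,
       "references": {"url": ["https://example.com/advisory-2"]}}]},
    "clean-plugin": {"version": null, "vulnerabilities": []}
  }
}
""")

def findings(report):
    """Flatten core, theme and plugin vulnerabilities into triage rows."""
    core = report.get("version") or {}
    theme = report.get("main_theme") or {}
    components = [("core", "wordpress", core.get("number"), core),
                  ("theme", theme.get("slug"),
                   (theme.get("version") or {}).get("number"), theme)]
    for slug, plugin in (report.get("plugins") or {}).items():
        number = (plugin.get("version") or {}).get("number")
        components.append(("plugin", slug, number, plugin))
    rows = []
    for kind, name, installed, item in components:
        for vuln in item.get("vulnerabilities") or []:
            fixed = vuln.get("fixed_in")
            rows.append({
                "component": f"{kind}:{name}",
                "installed": installed or "unknown",
                "title": vuln.get("title"),
                # No fixed_in: no patched release listed, so plan removal.
                "action": f"update to {fixed}" if fixed else "no fix listed, remove or replace",
                "links": (vuln.get("references") or {}).get("url", []),
            })
    return rows

if __name__ == "__main__":
    for row in findings(SAMPLE_REPORT):
        print(f"{row['component']} ({row['installed']}): {row['title']} -> {row['action']}")
        for link in row["links"]:
            print(f"    {link}")
```

To use it on a real scan, replace SAMPLE_REPORT with json.load() of the saved report file.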

wpscan --hh

Here we see all the options available in WPScan. We can read through them and use these functions easily.

WPScan is very helpful for finding security loopholes on WordPress websites, especially when a WordPress site's admins have not updated the themes and plugins. On some WordPress sites we can see the admin still using a vulnerable item.

In this way a WordPress website can be compromised. As cybersecurity experts we should not use old plugins or themes on a WordPress site. We also should not use third-party themes and plugins on a Content Management System or CMS (like WordPress, Drupal etc.). To test other CMSs we should use CMSeeK.

This is how we can run penetration testing on a WordPress website using WPScan on our Kali Linux system.

Kali Linux
