
wpscan Tool in Kali Linux

Last Updated : 07 Nov, 2022

wpscan is a tool that finds vulnerabilities in WordPress websites. It is a great tool for gathering general passive reconnaissance about a website that runs on WordPress. On Kali Linux, you don't need to install wpscan.


How to Use wpscan

WPScan should already be installed on your system, but it is worth checking. Run wpscan to see whether it is available; if it is not, install it with the apt-get commands below.

wpscan
sudo apt-get update
sudo apt-get install wpscan 

Options

  • --url: Specifies the WordPress site to scan.
  • -t: Increases the number of threads wpscan uses.
  • --hh: Shows the full list of options.
  • -o: Writes the output to a file.

Find WordPress Site Vulnerability

--url

The --url option specifies the WordPress site URL to scan. When the scan is done, you will see any outdated plugins and whether the XML-RPC file is present, which helps you identify potential attacks on the WordPress site.

wpscan --url target


In this scan, we get some passive information about our WordPress target. In this scan all HTML pages of our target. The scan returns information such as:

  • Server name
  • Whether directory listing is available for normal users
  • Whether any vulnerable plugins are present
  • Whether the xml-rpc file is available

-o

This option writes the scan output to a file. Give the file name after the option.

wpscan --url target -o output_file
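To review a report saved with -o for a site you administer, the four items listed above can be pulled out of WPScan's JSON output (--format json). This is an added example, not part of the original article; the field names and the sample report are assumptions constructed for illustration and should be checked against a real report.

```python
import json

# Constructed sample report, not real scan output. Field names are assumed
# to follow WPScan's JSON formatter; verify them against your own report.
SAMPLE_REPORT = json.dumps({
    "interesting_findings": [
        {"type": "headers", "interesting_entries": ["Server: Apache/2.4.41 (Ubuntu)"]},
        {"type": "xmlrpc", "interesting_entries": []},
        {"type": "upload_directory_listing", "interesting_entries": []},
    ],
    "plugins": {
        "sample-gallery": {"version": {"number": "1.2.0"}, "latest_version": "1.4.1",
                           "outdated": True,
                           "vulnerabilities": [{"title": "Constructed issue", "fixed_in": "1.3.0"}]},
        "sample-forms": {"version": None, "latest_version": "3.0.0",
                         "outdated": False, "vulnerabilities": []},
    },
})

def triage(report_text):
    """Reduce a WPScan JSON report to the items an administrator must act on."""
    report = json.loads(report_text)
    summary = {"server": None, "xmlrpc": False, "directory_listing": False,
               "plugins_to_update": []}
    for finding in report.get("interesting_findings") or []:
        kind = finding.get("type") or ""
        if kind == "headers":
            for entry in finding.get("interesting_entries") or []:
                name, _, value = entry.partition(":")
                if name.strip().lower() == "server":
                    summary["server"] = value.strip()
        elif kind == "xmlrpc":
            summary["xmlrpc"] = True
        elif kind.endswith("directory_listing"):
            summary["directory_listing"] = True
    for slug, plugin in sorted((report.get("plugins") or {}).items()):
        issues = plugin.get("vulnerabilities") or []
        if plugin.get("outdated") or issues:
            summary["plugins_to_update"].append({
                "plugin": slug,
                # Tolerate a null version (assumed: version was not detected).
                "installed": (plugin.get("version") or {}).get("number"),
                "latest": plugin.get("latest_version"),
                "known_issues": [i.get("title") for i in issues],
            })
    return summary

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_REPORT), indent=2))
```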

--hh

This option shows the full list of options.

wpscan --hh


-t

By default, WPScan runs with 5 threads. To increase the scan speed, use the -t option.

wpscan --url target -t Number_of_Threads


