wpscan Tool in Kali Linux
Last Updated: 07 Nov, 2022
wpscan is a tool that finds vulnerabilities in WordPress websites. It's a great tool for gathering general passive reconnaissance about a website that's running on WordPress. In Kali Linux, you don't need to install wpscan.
How to Use wpscan
WPScan should already be installed on your system, but it is worth checking whether it is available. Run wpscan to check; if it is not available on your system, install it with the apt-get commands below.
wpscan
sudo apt-get update
sudo apt-get install wpscan
Options
- --url: This option specifies the WordPress site.
- -t: This option increases the number of threads wpscan uses.
- --hh: Shows the full list of options.
- -o: Writes the output to a file.
Find WordPress Site Vulnerability
--url
The --url option specifies the WordPress site URL. We will scan the WordPress website with this option. When the scan is done, you will see any outdated plugins and whether the XML-RPC file is present, which can help you find potential attacks on the WordPress site.
wpscan --url target name
Output
In this scan, we get some passive information about our WordPress target. In this scan all HTML pages of our target. We get information such as:
- Server Name
- Checking whether Directory Listing is available for normal users or not
- Check whether any Vulnerable Plugins are available or not
- Checking whether the XML-RPC file is available or not
-o
wpscan --url target -o output_file
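To turn a report saved with -o into a fix list for the site owner, the following added example (not part of the original article) checks a saved text report for the four items listed above. The sample report is constructed, and the matched phrases and the helper names write_sample_report and triage_report are assumptions, so adjust the patterns to the wording your WPScan version prints.

```shell
#!/bin/sh
# Added example: triage a WPScan text report saved with -o.
# The matched phrases are assumptions about the report wording.

# Write a constructed sample report (not real scan output) to file $1.
write_sample_report() {
    cat > "$1" <<'EOF'
[+] Headers
 | Interesting Entry: Server: Apache/2.4.41 (Ubuntu)
[+] XML-RPC seems to be enabled: http://wp.example.test/xmlrpc.php
[+] Upload directory has listing enabled: http://wp.example.test/wp-content/uploads/
[+] example-plugin
 | [!] The version is out of date, the latest version is 2.0.0
EOF
}

# Print one line per item to review: INFO for disclosure, FIX for action items.
triage_report() {
    report=$1
    [ -r "$report" ] || { echo "cannot read $report" >&2; return 2; }

    # Server name: a version banner tells visitors exactly what is running.
    banner=$(grep -Eo 'Server: .*' "$report" | head -n 1)
    if [ -n "$banner" ]; then
        echo "INFO  banner disclosed ($banner): consider hiding the version"
    fi
    # XML-RPC file: restrict or block xmlrpc.php when nothing needs it.
    if grep -Eqi 'XML-RPC seems to be enabled' "$report"; then
        echo "FIX   xmlrpc.php is reachable: restrict or block it if unused"
    fi
    # Directory listing: turn off auto-indexing for the reported directory.
    if grep -Eqi 'listing enabled' "$report"; then
        echo "FIX   directory listing is on: disable auto-indexing"
    fi
    # Outdated plugins, themes or core: count them and schedule updates.
    outdated=$(grep -Eci 'version is out of date' "$report" || true)
    if [ "$outdated" -gt 0 ]; then
        echo "FIX   $outdated outdated component(s): update them"
    fi
}

# Stand-alone run against the constructed sample.
sample=$(mktemp)
write_sample_report "$sample"
triage_report "$sample"
rm -f "$sample"
```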
--hh
This option shows the full list of options.
wpscan --hh
-t
By default, WPScan runs with 5 threads. If you want to increase the scan speed, you can use the -t option.
wpscan --url target -t Number_of_Threads