Categories
Penetration Testing Web Application Analysis

WPScan – WordPress Security Scanner

 

Exploiting, Injecting WordPress
Wordpress Blackbox testing

What is WPScan?

WPScan is wonderful and super fast wordpress vulnerability scanner written in ruby language, sponsored by RandomStorm and hosted by Googlecode. It provides you an easy way to penetrate wordpress blogs using blackbox techniques.

You can find the following stuff about any wordpress blog using this ruby application:

  • List of plugins
  • Name of theme
  • Bruce forcing Weak Password for specific user
  • Brute force username
  • Directory listings
  • Version details
  • Possible vulnerabilities.

How to Install WPScan?

Before you install WPScan, you have to install number of dependencies essential by this tiny ruby application. BTW i am using BackTrack5 Linux.

Dependencies :

apt-get install libcurl4-gnutls-dev
gem install --user-install mime-types
gem install --user-install xml-simple
gem install --user-install typhoeus

WPScan Installation :

cd /pentest/web/
wget http://wpscan.googlecode.com/files/wpscan-1.0.zip
unzip wpscan-1.0.zip
cd wpscan

How to use WPScan?

It is almost cooked. One more thing we need here; is to download keywords database which will be used for brute forcing.

wget http://static.hackersgarage.com/darkc0de.lst.gz
gunzip darkc0de.lst.gz

Example usage of this ant application :

Do ‘non-intrusive’ checks…
ruby ./wpscan.rb --url www.hackersgarage.com

Do wordlist password brute force on enumerated users using 50 threads…
ruby ./wpscan.rb --url www.hackersgarage.com --wordlist darkc0de.lst --threads 50

Do wordlist password brute force on the ‘admin’ username only…
ruby ./wpscan.rb --url www.hackersgarage.com --wordlist darkc0de.lst --username admin

Generate a new ‘most popular’ plugin list, up to 150 pages…
ruby ./wpscan.rb --generate_plugin_list 150

Enumerate instaled plugins…
ruby ./wpscan.rb --enumerate p

Still in trouble with configuration ? Ask in comments.

28 replies on “WPScan – WordPress Security Scanner”

@Python

You might be running an old version of Ubuntu,
FIX is simply add the line to the file /usr/bin/gem
require 'rubygems/gem_runner'
after
require 'rubygems'
Issue is fixed in new version i guess.

when id my scan here is the result
/pentest/web/wpscan-1.0/lib/discover.rb:138:in `theme_name’: uninitialized constant Discover::Typhoeus (NameError)
from ./wpscan.rb:245:in `’

what is that mien ?
i think there is some error
what can i do 2 fix this

can Wpscan be used on iwindows if so can you
tell me how it would be a usefull information

I have installed everything that I need to install but at the end of installing wpscan I put this cd wpscan in Terminal but it doesn’t do anything but gives an error? No such file or directory.

What if there is no admin? I have found about seven names but none of them are admin? It took around 24 hours for the password brute but didn’t give a password for the first name that was on the list?

Hi,
first of all thanks for this great instruction! I have only one problem, every time i tried to brute the password of my blog i get “ERROR: We recieved an unknown response…”
Do you have a solution for this?
Best!

hello folks
i am looking for username.lst but i can not find please help if you know about it..
i want download it and use it for crack wp username

Hello,

I want to hack http://www.—.wordpress.com but its not going at right side, it shows an error. I did all commands correctly. Is there any other method to deface that blog or to access its admin panel? Its urgent please!

[ERROR] The file “darkc0de.lst” does not exist

It appear when i test this tool
how can i solve

Would you consider updating this blog post, or creating a second post that goes over how to install this now that the code has matured past v1.0?

I have a small question, I ran wpscan using the command:

ruby ./wpscan.rb –url somesite.com –wordlist darkc0de.lst –threads 50

I got the results:

[SUCCESS] Username:******** Password:/.,
[SUCCESS] Username:******** Password:/.,mnb
[SUCCESS] Username:******** Password:/.,mn
[SUCCESS] Username:******** Password:/.,m
[SUCCESS] Username:******** Password:/.,mn
[SUCCESS] Username:******** Password:/.,m
[SUCCESS] Username:******** Password:/.,
[SUCCESS] Username:******** Password:/.,mnb
[SUCCESS] Username:******** Password:/M/1
[SUCCESS] Username:******** Password:.plan

But none of the passwords worked even thou they returned as success.

Why does this happen?

I get this error…

ERROR: We recieved an unknown response for 012i0lid43
ERROR: We recieved an unknown response for 012i0n
ERROR: We recieved an unknown response for 012din87319
.
.
.

can i use this in windows? pls tell, or if not then is there any way to do this in windows?

yes ‘Unofficially WPScan supports it.’
From WPScan readme file, it says :

Installing on Windows: (not tested)
gem install typhoeus
gem install nokogiri
gem install json

i got this error when im trying to brute force

/pentest/web/wpscan-1.0/lib/bruter.rb:41:in `brute’: undefined method `disable_memoization’ for # (NoMethodError)
from wpscan.rb:369:in `’

please help

Comments are closed.