Imagine a tool that can scan your WordPress website with a single command and provide information such as how many plugins are present, whether the plugins are up to date, and whether the plugins or website are vulnerable. and you can get this information by the single line of command Today’s blog is all about WPscan, one of the greatest tools for scanning websites.
WPscan
The WPScan is a Command Line Interface (CLI) tool that is free, for non-commercial use, black box WordPress security scanner is written for security professionals and blog maintainers to test the security of their sites.
Installation
The good thing is wpscan comes pre-install in most of the Pentesting Distro like Kali Linux or Parrot OS but if you want to install it then You can do this via these steps
- Open your terminal and paste this command sudo apt install ruby ruby-devand enter
- After Installing the above Requirement then paste this command sudo gem install wpscan for installing wpscan
- After installing wpscan successfully you can launch the tool from the Terminal by simply typing wpscan
How to Use it?
This tool is very simple to use, after installing it, simply type wpscan -h in the terminal to see all of the options for scanning a website.
If you want to see the tools settings, simply type the tool name and -h (wpscan -h) it will show you all of the options available in that tool.
We need to focus on a few options here.
To scan the WordPress website you need to enter the following command wpscan –url https://allsafesecure.com -e vp, ap, p, vt, at, t. after –url put the target website name
Note:– Before scanning any website, you must first obtain permission from the person/organization. Scanning a website without permission is a crime, and this blog is all about informing you on how to scan your own website; we do not promote cybercrime.
And here you get all the information related to the website information like Themes, Plugins, Robots.txt,
And we got one loop-hole also