Today we will examine WPScan, a hacking tool used against WordPress sites. Let's get started:
What's WPScan?
WPScan, short for WordPress Security Scanner, is a hacking tool written in the Ruby programming language by the WPScan Team.
What operating systems does WPScan run on?
WPScan can be run in different ways on many operating systems, such as Windows and macOS, and especially on Linux and its distributions.
Now, I'll show you how you can run and use WPScan on Kali Linux.
Usage
Let's learn how to use WPScan. Open a terminal to get started.
Code:
wpscan --url site.com # runs a general scan of the site
Code:
wpscan --url site.com --enumerate p # enumerates the WordPress plugins on the site (p = popular plugins)
Code:
wpscan --url site.com --enumerate vp # lists plugins that have known vulnerabilities
Code:
wpscan --url www.siteniz.com --enumerate u # lists the site's users and their usernames
Code:
wpscan --url www.siteniz.com --enumerate t # enumerates the themes on the site (t = popular themes)
Code:
wpscan --help # lists all options
Brute-force attack on the site:
Code:
wpscan --url site.com --usernames target-user-name --passwords /path/to/password-list
Source: https://www.turkhackteam.org/siber-guvenlik/1978577-wordpress-hacking-1-wpscan.html
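The user enumeration and brute-force runs shown above leave a recognizable trail in the web server's access log. The following is an added example, not part of the original post: a log check that counts, per client, failed wp-login.php posts, xmlrpc.php posts and username lookups. The combined log format, the thresholds and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# One request line in Apache/nginx "combined" access-log format (assumed format).
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Per-client counts that trigger a finding; illustrative values, tune per site.
LIMITS = {"login_fail": 5, "xmlrpc_post": 5, "user_enum": 3}

def classify(method, path, status):
    """Map one request to a signal name, or None when it is not of interest."""
    if method == "POST" and path.startswith("/wp-login.php") and status == 200:
        return "login_fail"   # stock WordPress: 200 re-renders the form, 302 = success
    if method == "POST" and path.startswith("/xmlrpc.php"):
        return "xmlrpc_post"  # XML-RPC also accepts credentials
    if re.search(r"[?&]author=\d+", path) or path.startswith("/wp-json/wp/v2/users"):
        return "user_enum"    # author archives and the REST users route expose usernames
    return None

def suspicious_clients(log_text, limits=LIMITS):
    """Return {(client_ip, signal): count} for every count at or above its limit."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path, status = m.groups()
        signal = classify(method, path, int(status))
        if signal:
            counts[(ip, signal)] += 1
    return {key: n for key, n in counts.items() if n >= limits[key[1]]}

def _line(ip, method, path, status):
    """Build one constructed log line for the sample below."""
    return (f'{ip} - - [10/Jan/2024:10:00:00 +0000] "{method} {path} HTTP/1.1" '
            f'{status} 512 "-" "constructed-agent"')

# Constructed sample (documentation-range addresses, not real traffic).
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "GET", f"/?author={i}", 301) for i in range(1, 5)]
    + [_line("203.0.113.7", "POST", "/wp-login.php", 200)] * 6
    + [_line("198.51.100.20", "POST", "/wp-login.php", 200)] * 2  # mistyped password
    + [_line("198.51.100.20", "POST", "/wp-login.php", 302)]      # then a good login
)

if __name__ == "__main__":
    for (ip, signal), n in sorted(suspicious_clients(SAMPLE_LOG).items()):
        print(f"{ip} {signal} x{n}")
```

Feed it one time window of the log at a time, since the counts are not windowed. Security plugins that change the login response code will need a different `login_fail` rule.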