WPScan identifies the version of WordPress that a site is running. Beyond that, it can also reveal weaknesses in the plugins and themes used on your website: which ones are vulnerable and could let an attacker in.
You can therefore use WPScan as a preventive measure against attacks.

This application can be installed only on several Linux distributions and Mac: https://github.com/wpscanteam/wpscan. In this post, I will review how to install and use WPScan on Debian 6.
1. Run the commands below:
# apt-get update
# apt-get upgrade
# apt-get install git make libcurl4-openssl-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
# apt-get install curl
# \curl -L https://get.rvm.io | bash -s stable --ruby
# git clone https://github.com/wpscanteam/wpscan.git
# gem install bundler
# cd wpscan
# bundle install --without test development
# find /usr/local/ -name 'readline'
# cd /usr/local/rvm/src/ruby-1.9.3-p385/ext/readline
# ruby extconf.rb
# make
# make install
# cd wpscan/
# wget http://static.hackersgarage.com/darkc0de.lst.gz
# gunzip darkc0de.lst.gz
2. Once everything has finished, WPScan is ready to use. The basic options are:
--update (Update to the latest revision)
--url | -u (The WordPress URL/domain to scan)
--force | -f (Forces WPScan to not check if the remote site is running WordPress)
--enumerate | -e [option(s)] Enumeration.
options:
u (usernames from id 1 to 10)
u[10-20] (usernames from id 10 to 20. you must write [] chars)
p (plugins)
vp (only vulnerable plugins)
ap (all plugins. Can take a long time)
tt (timthumbs)
t (themes)
vt (only vulnerable themes)
at (all themes. Can take a long time)