WordPress is one of the most popular CMSs among all of its open source competitors. WordPress has a very simple and open framework, which makes it the most desirable choice for any hacker who wants to start learning hacking.
Today we will look at a tool called wpscan. This tool is a vulnerability scanner for any WordPress installation. It will tell you the following things:
- Version of the WordPress installation
- Known information disclosure files (e.g. readme.html)
- WordPress usernames
- WordPress plugin names
- Password brute force (a password list needs to be generated and supplied)
How is this information useful to me or to an attacker?
- You can check the version of your WordPress installation against the currently available version
- You can look up known vulnerabilities for the version you have installed using Google
- Information disclosure files are the easiest way to obtain the installed version of WordPress
- Enumerated usernames can be brute-forced
- Plugins can be attacked through known vulnerabilities
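As an added example (not from the post or the wpscan project), here is a small Python self-check a site owner can run against saved copies of their own readme.html and front page: it extracts the version these disclosure points reveal, the way the scanner does, and reports whether it lags the current release. The sample HTML and the version numbers in it are constructed for the example; the readme layout mirrors the stock file.

```python
import re

# Constructed sample of the top of a stock WordPress readme.html (the disclosure
# file the post mentions); the layout mirrors the real file, the version is made up.
SAMPLE_README = """<!DOCTYPE html>
<html><head><title>WordPress &rsaquo; ReadMe</title></head><body>
<h1 id="logo">
\t<a href="http://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" /></a>
\t<br /> Version 3.3.1
</h1>
"""
# Constructed sample of a front page carrying the generator meta tag.
SAMPLE_FRONT_PAGE = '<html><head><meta content="WordPress 3.3.1" name="generator" /></head></html>'
README_VERSION = re.compile(r"<br\s*/?>\s*Version\s+(\d+(?:\.\d+)*)", re.I)
META_TAG = re.compile(r"<meta\b([^>]*)>", re.I)
ATTR = re.compile(r'(\w+)\s*=\s*"([^"]*)"')

def version_from_readme(html):
    # readme.html prints the version right under the logo; None if the file
    # was not reachable (html is None) or the line is absent.
    m = README_VERSION.search(html or "")
    return m.group(1) if m else None

def version_from_generator(html):
    # <meta name="generator" content="WordPress X.Y">, in any attribute order.
    for tag in META_TAG.finditer(html):
        attrs = {k.lower(): v for k, v in ATTR.findall(tag.group(1))}
        if attrs.get("name", "").lower() == "generator":
            m = re.match(r"WordPress\s+(\d+(?:\.\d+)*)", attrs.get("content", ""), re.I)
            if m:
                return m.group(1)
    return None

def parse_version(v):
    return tuple(int(p) for p in v.split("."))  # "3.3.1" -> (3, 3, 1)

def audit(readme_html, front_page_html, current):
    # Findings a site owner acts on: exposed disclosure points, stale version.
    findings, installed = [], None
    v = version_from_readme(readme_html)
    if v:
        findings.append(f"readme.html is reachable and discloses version {v}; remove or block it")
        installed = v
    v = version_from_generator(front_page_html)
    if v:
        findings.append(f"generator meta tag discloses version {v}; disable it")
        installed = installed or v
    if installed and parse_version(installed) < parse_version(current):
        findings.append(f"installed {installed} is older than current {current}; update")
    return findings
```

Pass `None` as the readme argument when your server returns 404 for readme.html; an empty findings list means neither disclosure point is exposed and the version is current.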
How to use this tool?
- For basic WordPress information: # ruby wpscan.rb --url <URL>
- For username enumeration: # ruby wpscan.rb --url <URL> --enumerate u
- For plugin enumeration: # ruby wpscan.rb --url <URL> --enumerate p
- For a password brute force attack: # ruby wpscan.rb --url <URL> --wordlist <password file> --username <username>
All commands are explained in the following video.
Download and installation
Please use the up-to-date instructions found here: http://code.google.com/p/wpscan/wiki/README