Using WPScan: Finding WordPress Vulnerabilities

Prerequisites and installation.

This is complicated. It is not something that you should do by trial and error. In fact, posting this at WA may be a bad idea.

http://mox5500.github.io/blog/wpscan-on-windows/



Now open cmd in and type these commands

With the ever-growing need for cyber security on the World Wide Web, knowing how to use WPScan is becoming a much-needed best practice for website developers.

WPScan is a great tool for identifying probable weaknesses and for checking areas that can be improved or that could be used against you.

WPScan aids in searching for vulnerabilities in:

  • The core version of the WordPress website
  • The plug-ins
  • The themes
  • Weak passwords
  • Users
  • Security configuration

In addition, the WPScan team is committed to checking for vulnerable software and maintains an expanding list of vulnerabilities.

Therefore, WPScan is on the cutting edge in running security tests on WordPress websites to observe if they are hack-proof.

Using the most basic WPScan commands

1) Updating WPScan

For the most accurate vulnerability scan of a website, WPScan has to be updated first.

Step 1:

Open Terminal and change your directory to the wpscan folder downloaded during installation:

cd wpscan

From this directory, run one command to pull the latest update from GitHub, and then another command to update the database.

git pull

ruby wpscan.rb --update

You will then see the WPScan logo and a note that the database update has completed successfully.






Join the Discussion
Recent messages
Lady May Premium
hummm sorry but haven't got much to say about this, unfathomable :(
OldMCSEGuy Premium
This may be too much to post at WA. One of my web guys used it and I thought it would be cool... It is not straightforward. Even the installation is very difficult. I may remove it.
BobBarr Premium
"Step 1

Open Terminal and change your directory to the wpscan folder downloaded during installation "

Two questions:

1. Is terminal access possible on WA-hosted sites? On siterubix subdomains? Is FTP access required? (If so, lack of FTP access will preclude doing this on siterubix subdomains.)

2. Step 1 says to change the directory to the folder downloaded during installation. During what installation? (There are no instructions for performing the installation.)
Yenomym Premium
Thanks for this information. None of us want to be hacked.
Marilyn
GeoffGS Premium
What a hassle (or worse) getting hacked would be.