Thread: use of wpscan

  1. #1
    Just burned his ISO
    Join Date
    Dec 2011
    Posts
    4

    use of wpscan

    WPScan – WordPress Security Scanner (from http://www.hackersgarage.com/wpscan-...y-scanner.html)

    by Syed Alam

    What is WPScan?

    WPScan is a wonderful and super fast WordPress vulnerability scanner written in the Ruby language, sponsored by RandomStorm and hosted on Google Code. It provides you an easy way to penetrate WordPress blogs using black-box techniques.


    How to use WPScan?

    One more thing we need here is to download the keyword database, which will be used for brute forcing.

    wget http://static.hackersgarage.com/darkc0de.lst.gz
    gunzip darkc0de.lst.gz

    Example usage of this application:

    Do ‘non-intrusive’ checks…
    ruby ./wpscan.rb --url <URL>
    -confirms use of wordpress-

    Do wordlist password brute force on enumerated users using 50 threads…
    ruby ./wpscan.rb --url <URL> --wordlist darkc0de.lst --threads 50

    Do wordlist password brute force on the ‘admin’ username only…
    ruby ./wpscan.rb --url <URL> --wordlist darkc0de.lst --username admin

    Generate a new ‘most popular’ plugin list, up to 150 pages…
    ruby ./wpscan.rb --generate_plugin_list 150

    Enumerate installed plugins…
    ruby ./wpscan.rb --enumerate p
    Last edited by g0tmi1k; 01-16-2012 at 08:23 AM. Reason: Removed 'live' URLs
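
For the defending side, the wordlist brute-force and plugin-enumeration runs listed in the post leave a recognizable pattern in a WordPress site's access log. The following is an added example, not part of the original post or of WPScan: it assumes Combined Log Format lines in time order, that probes for absent plugins show up as 404s under /wp-content/plugins/, and illustrative thresholds; the sample log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format prefix: ip - - [time] "METHOD path proto" status
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
PLUGIN = re.compile(r"^/wp-content/plugins/([^/?]+)")

def scan_findings(lines, login_limit=5, plugin_limit=4,
                  window=timedelta(seconds=60)):
    """Return {client_ip: set of finding names}; limits are illustrative."""
    logins = defaultdict(list)   # ip -> recent POST /wp-login.php timestamps
    missing = defaultdict(set)   # ip -> distinct plugin slugs answered 404
    findings = defaultdict(set)
    for line in lines:           # lines are assumed to be in time order
        m = LINE.match(line)
        if not m:
            continue             # ignore lines that are not in the format
        ip, ts, method, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if method == "POST" and path.split("?")[0] == "/wp-login.php":
            hits = logins[ip]
            hits.append(when)
            while when - hits[0] > window:   # drop attempts outside window
                hits.pop(0)
            if len(hits) >= login_limit:
                findings[ip].add("login-bruteforce")
        slug = PLUGIN.match(path)
        if slug and status == "404":
            missing[ip].add(slug.group(1))
            if len(missing[ip]) >= plugin_limit:
                findings[ip].add("plugin-enumeration")
    return dict(findings)

# Constructed sample log (documentation addresses, made-up plugin names).
SAMPLE = [
    f'203.0.113.7 - - [16/Jan/2012:08:00:{s:02d} +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 1500' for s in range(6)
] + [
    f'203.0.113.7 - - [16/Jan/2012:08:01:{s:02d} +0000] '
    f'"GET /wp-content/plugins/{name}/ HTTP/1.1" 404 300'
    for s, name in enumerate(["alpha", "beta", "gamma", "delta"])
] + [
    '198.51.100.4 - - [16/Jan/2012:08:02:00 +0000] '
    '"POST /wp-login.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, names in scan_findings(SAMPLE).items():
        print(ip, sorted(names))
```

Rate limiting or lockout on wp-login.php addresses the first finding; the second is mostly useful as an early warning that a site is being profiled.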
