Thread: use of wpscan

  1. #1
    Just burned his ISO
    Join Date
    Dec 2011

    use of wpscan

    WPScan – WordPress Security Scanner (from

    by Syed Alam

    What is WPScan?

    WPScan is a wonderful and super-fast WordPress vulnerability scanner written in the Ruby language, sponsored by RandomStorm and hosted by Google Code. It provides you an easy way to penetrate WordPress blogs using black-box techniques.

    How to use WPScan?

    One more thing we need here is to download the keyword database, which will be used for brute forcing.

    gunzip darkc0de.lst.gz

    Example usage of this application:

    Do ‘non-intrusive’ checks…
    ruby ./wpscan.rb --url <URL>
    -confirms use of WordPress-

    Do wordlist password brute force on enumerated users using 50 threads…
    ruby ./wpscan.rb --url <URL> --wordlist darkc0de.lst --threads 50

    Do wordlist password brute force on the ‘admin’ username only…
    ruby ./wpscan.rb --url <URL> --wordlist darkc0de.lst --username admin

    Generate a new ‘most popular’ plugin list, up to 150 pages…
    ruby ./wpscan.rb --generate_plugin_list 150

    Enumerate installed plugins…
    ruby ./wpscan.rb --url <URL> --enumerate p
    Last edited by g0tmi1k; 01-16-2012 at 08:23 AM. Reason: Removed 'live' URLs

  2. #2
    Moderator g0tmi1k
    Join Date
    Feb 2010

    Re: use of wpscan

    You can also find darkc0de.lst here:
    Have you...g0tmi1k?
